Title

The root account must not be used for direct logins. (Cat II impact)

Discussion

Direct login with the root account prevents individual user accountability. Acceptable non-routine uses of the root account for direct login are limited to emergency maintenance, the use of single-user mode for maintenance, and situations where individual administrator accounts are not available.

Check Content

Check if the root is used for direct logins. Procedure: # last root | grep -v reboot If any direct login records for root exist, this is a finding. Verify the root user is configured as a role, rather than a normal user. Procedure: # egrep '^root:' /etc/user_attr If the returned line does not include "type=role", this is a finding.

Fix Text

Convert the root user into a role. # usermod -K type=role root Add the root role to authorized users' logins. # usermod -R root <userid>

Additional Identifiers

Rule ID: SV-226479r603265_rule

Vulnerability ID: V-226479

Group Title: SRG-OS-000109

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.