CCE-26891-2Platform: cpe:/o:centos:centos:6, cpe:/o:oracle:linux:6, cpe:/o:redhat:enterprise_linux:6 | Date: (C)2014-09-10 (M)2023-07-04 |
To further limit access to the root account, administrators can disable root logins at the console by editing the /etc/securetty file. This file lists all devices the root user is allowed to login to. If the file does not exist at all, the root user can login through any communication device on the system, whether via the console or via a raw network interface. This is dangerous as user can login to his machine as root via Telnet, which sends the password in plain text over the network. By default, CentOS Enteprise Linux"s /etc/securetty file only allows the root user to login at the console physically attached to the machine. To prevent root from logging in, remove the contents of this file. To prevent direct root logins, remove the contents of this file by typing the following command: echo > /etc/securetty
Parameter:
[]
Technical Mechanism:
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:53809 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:21983 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:20299 |