[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90859-0

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2022-10-10



Direct root Logins Not Allowed To further limit access to the 'root' account, administrators can disable root logins at the console by editing the '/etc/securetty' file. This file lists all devices the root user is allowed to login to. If the file does not exist at all, the root user can login through any communication device on the system, whether via the console or via a raw network interface. This is dangerous as user can login to his machine as root via Telnet, which sends the password in plain text over the network. By default, Red Hat Enteprise Linux's '/etc/securetty' file only allows the root user to login at the console physically attached to the machine. To prevent root from logging in, remove the contents of this file. To prevent direct root logins, remove the contents of this file by typing the following command: $ sudo echo > /etc/securetty


Parameter:


Technical Mechanism:

Disabling direct root logins ensures proper accountability and multifactor authentication to privileged accounts. Users will first login, then escalate to privileged (root) access via su / sudo. This is required for FISMA Low and FISMA Moderate systems. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30530
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31253
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31253
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30530


OVAL    2
oval:org.secpod.oval:def:30530
oval:org.secpod.oval:def:31253

© SecPod Technologies