6.14 Restrict root Login to System Console - CONSOLE = /dev/console

Information

Privileged access to the system via root must be accountable to a particular user.

Use an authorized mechanism such as RBAC and the su command to provide
administrative access to unprivileged accounts. These mechanisms provide an audit trail in
the event of problems.

Solution

Perform the following to implement the recommended state:

# cd /etc/default
# awk '/CONSOLE=/ { print "CONSOLE=/dev/console"; next };
{ print }' login > login.CIS
# mv login.CIS login
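
A read-only check for the recommended state, added here as an example (it is not part of the CIS benchmark or the audit plugin). The function name check_console and its result labels are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# check_console FILE
# Classify the CONSOLE setting in a login defaults file (for example
# /etc/default/login). Prints one of:
#   compliant  - an active CONSOLE=/dev/console line, no conflicting one
#   wrong      - an active CONSOLE= line with any other value
#   commented  - only a commented-out CONSOLE= line is present
#   missing    - no CONSOLE= line at all; the awk remediation above only
#                rewrites existing CONSOLE= lines, so it would not add one
#   unreadable - the file cannot be read
# Exit status is 0 only for "compliant".
check_console() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    awk '
        # Active (uncommented) assignment.
        /^[ \t]*CONSOLE=/ {
            v = $0
            sub(/^[ \t]*CONSOLE=/, "", v)
            sub(/[ \t]+$/, "", v)
            if (v == "/dev/console") good++; else bad++
            next
        }
        # Commented-out assignment, e.g. "#CONSOLE=/dev/console".
        /^[ \t]*#[ \t]*CONSOLE=/ { commented++ }
        END {
            if (bad)       { print "wrong";     exit 1 }
            if (good)      { print "compliant"; exit 0 }
            if (commented) { print "commented"; exit 1 }
            print "missing"; exit 1
        }
    ' "$file"
}

# Constructed sample input (not taken from a real host): the setting is
# present but commented out, so root login is not restricted to the console.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '#CONSOLE=/dev/console' 'PASSREQ=YES' > "$sample"
echo "sample file: $(check_console "$sample")"
rm -f "$sample"
```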

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(3)

Plugin: Unix

Control ID: b44e591d659d2eb17a121af6c72010407fcf3f34b9ed73be8558d80ba433c1c2