GEN001120 - The system must not permit root logins using remote access programs such as ssh.

Information

Even though communications are encrypted, an additional layer of security may be gained by extending the policy of not logging on directly as root. In addition, logging in with a user-specific account preserves the audit trail.

Solution

Edit the sshd_config file and set the PermitRootLogin option to 'no'.
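
As an added example (not part of the STIG text or the audit plugin), the POSIX shell function below checks a given sshd_config for this setting. It goes beyond the one-line fix by accounting for sshd using the first value it reads for a keyword, for an unset option falling back to a default that permits root login, and for Match blocks overriding the global value. The function name check_permit_root_login is hypothetical, the sample config is constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the GEN001120 setting.
# Prints one finding line and returns 0 only when root login is disabled.
check_permit_root_login() {
    awk '
    {
        sub(/^[ \t]+/, "")                    # drop leading whitespace
        if ($0 == "" || $0 ~ /^#/) next       # skip blank lines and comments
        n = split($0, f, /[ \t=]+/)           # "Keyword value" or "Keyword=value"
        key = tolower(f[1])                   # keywords are case-insensitive
        val = (n > 1) ? f[2] : ""
        gsub(/"/, "", val)                    # value may be quoted
        if (key == "match") { in_match = 1; next }
        if (key != "permitrootlogin") next
        if (in_match) {
            # A conditional override: anything other than "no" is a finding.
            if (val != "no") bad_match = 1
        } else if (!seen) {
            gval = val; seen = 1              # first global value wins
        }
    }
    END {
        if (!seen) {
            print "FAIL: PermitRootLogin not set (default permits root login)"
            exit 1
        }
        if (gval != "no") { print "FAIL: PermitRootLogin " gval; exit 1 }
        if (bad_match) { print "FAIL: Match block re-enables root login"; exit 1 }
        print "PASS: PermitRootLogin no"
    }' "$1"
}

# Constructed sample: the commented line and the second global line are
# ignored, but the value inside the Match block is not.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' 'PermitRootLogin yes' \
    'Match Address 192.0.2.0/24' '    PermitRootLogin yes' > "$sample"
check_permit_root_login "$sample" || true   # FAIL: Match block re-enables root login
rm -f "$sample"
```

The daemon only reads the file at startup or reload, so a passing file check reflects the running service only after sshd has been restarted or reloaded.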

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(5), CAT|II, CCE|CCE-4387-7, CCI|CCI-000770, Group-ID|V-1047, Rule-ID|SV-37156r1_rule, STIG-ID|GEN001120, Vuln-ID|V-1047

Plugin: Unix

Control ID: 99e89b16f40140532d8e35102cbb72eb35d414858890056dd1a1e3057ef79348