Detections
Analytics
RHEL-10-600500 - RHEL 10 must restrict the use of the "su" command.
Information
The "su" program allows commands to be run with a substitute user and group ID. It is commonly used to run commands as the root user. Limiting access to such commands is considered a good security practice.Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000312-GPOS-00123
Solution
Configure RHEL 10 to require users to be in the "wheel" group to run the "su" command.Edit the configuration file:
$ sudo vi /etc/pam.d/su
Add the following lines:
auth required pam_wheel.so use_uid
$ sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
If necessary, create a "wheel" group and add administrative users to the group.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
References: 800-53|AC-3(4), 800-53|IA-11, CAT|II, CCI|CCI-002038, CCI|CCI-002165, Rule-ID|SV-281205r1166567_rule, STIG-ID|RHEL-10-600500, Vuln-ID|V-281205
Plugin: Unix
Control ID: 1155a73902a21d6e56d8d2e8193642191dba852ce37767754e6d2974b87e7873