Detections
Analytics
RHEL-10-700620 - RHEL 10 must not permit direct logins to the root account using remote access via Secure Shell (SSH).
Information
Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and helps to minimize direct attack attempts on root's password.OpenSSH uses the first occurrence of a keyword it sees, and drop-in files are read in lexicographical order at the start of the configuration. Red Hat recommends using drop-in files rather than changing base configuration files.
Solution
Configure RHEL 10 to prevent SSH users from logging on directly as root.In "/etc/ssh/sshd_config.d", create a drop-in file that will lexicographically precede 50-redhat.conf and add the following line:
PermitRootLogin no
Restart the SSH daemon with the following command for the settings to take effect:
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(5), CAT|II, CCI|CCI-004045, Rule-ID|SV-281265r1184765_rule, STIG-ID|RHEL-10-700620, Vuln-ID|V-281265
Plugin: Unix
Control ID: e4a7c5cdff74becfbefb407da9efb043eca1d9bb983e42e4ddba6665dd31771f