UCF STIG Viewer Logo

The system must prevent the root account from directly logging in except from the system console.


Overview

Finding ID Version Rule ID IA Controls Severity
V-778 GEN000980 SV-38683r1_rule ECSD-2 ECPA-1 Medium
Description
Limiting the root account direct logins to only system consoles protects the root account from direct unauthorized access from a non-console device.
STIG Date
AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2014-10-03

Details

Check Text ( C-36930r1_chk )
Check the remote login ability of the root account.

Procedure:
# lsuser -a rlogin root
If the rlogin value is not false, this is a finding.
Fix Text (F-32196r1_fix)
The root account can be protected from non-console device logins by setting rlogin = false in the root: stanza of the /etc/security/user file.

#chsec -f /etc/security/user -s root -a rlogin=false