UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must impose the same restrictions on root logins that are already applied to non-root users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-40445 GEN000000-HPUX0220 SV-52432r2_rule Medium
Description
Best practices standard operating procedures for computing systems includes account management. If the root account is allowed to be configured without a password, or not configured to lock if there have been no logins to the root account for an organization defined time interval, the entire system can be compromised.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2017-12-08

Details

Check Text ( C-47005r2_chk )
If the system is configured for Trusted Mode, this check is not applicable.

For Standard Mode with Security Extensions (SMSE):
Check the /etc/default/security file for the following attribute(s) and attribute values:
LOGIN_POLICY_STRICT=1
# grep “LOGIN_POLICY_STRICT” /etc/default/security

If LOGIN_POLICY_STRICT=0, then the root user is not subject to the same login restrictions as non-root users. If no organizational exceptions for root are documented and LOGIN_POLICY_STRICT=0, then this is a finding.
Fix Text (F-45394r2_fix)
If the system is operating in Trusted Mode, no fix is required.

For SMSE:
Edit the /etc/default/security file and add/modify the following attribute(s) and attribute values:
LOGIN_POLICY_STRICT=1

Save the file before exiting the editor.