UCF STIG Viewer Logo

The system must restrict the ability to switch to the root user to members of a defined group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22308 GEN000850 SV-26349r1_rule ECLP-1 Low
Description
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-09-14

Details

Check Text ( C-36297r1_chk )
Check /etc/default/security for the SU_ROOT_GROUP setting.

# grep SU_ROOT_GROUP /etc/default/security

Unless this setting is present, configured, and not commented out, this is a finding.
Fix Text (F-31552r1_fix)
Edit /etc/default/security and uncomment, set, or add the SU_ROOT_GROUP setting with a value of wheel or equivalent. If necessary, create a wheel group and add administrative users to the group.