Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4346 | GEN000000-LNX00600 | SV-63003r1_rule | ECPA-1 | Medium |
Description |
---|
If an unauthorized user has been granted privileged access while logged in at the console, the security posture of a system could be greatly compromised. Additionally, such a situation could deny legitimate root access from another terminal. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-06-05 |
Check Text ( C-51801r1_chk ) |
---|
Ensure the pam_console.so module is not configured in any files in /etc/pam.d by: # cd /etc/pam.d # grep pam_console.so * Or # ls -la /etc/security/console.perms If either the pam_console.so entry or the file /etc/security/console.perms is found then this is a finding. |
Fix Text (F-53595r1_fix) |
---|
Configure PAM to not grant sole access of administrative privileges to the first user logged in at the console. Identify any instances of pam_console. # cd /etc/pam.d # grep pam_console.so * For any files containing an un-commented reference to pam_console.so, edit the file and remove or comment out the reference. Remove the console.perms file if it exists: # rm /etc/security/console.perms |