Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Logins to the root account must be restricted to the system console only.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216361 | SOL-11.1-040430 | SV-216361r959010_rule | Medium |
| Description |
|---|
| Use an authorized mechanism such as RBAC and the "su" command to provide administrative access to unprivileged accounts. These mechanisms provide an audit trail in the event of problems. |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2024-05-30 |
Details
| Check Text ( C-17597r371171_chk ) |
|---|
| This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Determine if root login is restricted to the console. # grep "^CONSOLE=/dev/console" /etc/default/login If the output of this command is not: CONSOLE=/dev/console this is a finding. |
| Fix Text (F-17595r371172_fix) |
|---|
| The root role is required. Modify the /etc/default/login file # pfedit /etc/default/login Locate the line containing: CONSOLE Change it to read: CONSOLE=/dev/console |