Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4346 | GEN000000-LNX00600 | SV-44665r1_rule | ECPA-1 | Medium |
Description |
---|
If an unauthorized user has been granted privileged access while logged in at the console, the security posture of a system could be greatly compromised. Additionally, such a situation could deny legitimate root access from another terminal. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2013-04-18 |
Check Text ( C-42168r1_chk ) |
---|
Ensure the pam_console.so module is not configured in any files in /etc/pam.d by: `# cd /etc/pam.d` then `# grep pam_console.so *`. Or: `# ls -la /etc/security/console.perms`. If either the pam_console.so entry or the file /etc/security/console.perms is found, then this is a finding. |
Fix Text (F-38118r1_fix) |
---|
Ensure PAM is not configured to grant sole access of administrative privileges to the first user logged in at the console. Remove the console.perms file if it exists: `# rm /etc/security/console.perms` |
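
The check text above, written as a script that can be run before and after the fix. This is an added example, not part of the STIG; the function name, its exit codes, and the choice to ignore commented-out PAM lines are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the V-4346 check.
# Default paths are the ones named in the check text; both can be
# overridden so the function can be exercised against a test tree.

# check_pam_console [PAM_DIR] [PERMS_FILE]
# Returns 0 = not a finding, 1 = finding, 2 = PAM_DIR missing.
check_pam_console() {
    pam_dir=${1:-/etc/pam.d}
    perms_file=${2:-/etc/security/console.perms}
    finding=0

    if [ ! -d "$pam_dir" ]; then
        echo "ERROR: $pam_dir is not a directory" >&2
        return 2
    fi

    for f in "$pam_dir"/*; do
        [ -f "$f" ] || continue
        # Keep only active entries: PAM treats lines starting with '#'
        # as comments, so those are filtered out (assumption: a
        # commented-out reference is not counted as a finding).
        hits=$(grep -n 'pam_console\.so' "$f" \
               | grep -v '^[0-9]*:[[:space:]]*#' || true)
        if [ -n "$hits" ]; then
            echo "FINDING: $f references pam_console.so:"
            echo "$hits" | sed 's/^/    /'
            finding=1
        fi
    done

    # The second half of the check: the permissions file must not exist.
    if [ -e "$perms_file" ]; then
        echo "FINDING: $perms_file exists"
        finding=1
    fi

    [ "$finding" -eq 0 ] && echo "V-4346: not a finding"
    return "$finding"
}

# Check the live system only when invoked with --live, so sourcing
# this file for testing has no side effects.
if [ "${1:-}" = "--live" ]; then
    check_pam_console
    exit $?
fi
```

Run it as `sh script.sh --live` with enough privilege to read /etc/pam.d; an exit status of 1 means the finding is open.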