UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must restrict the ability to switch to the root user to members of a defined group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22308 GEN000850 SV-44899r1_rule ECLP-1 Low
Description
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2015-05-27

Details

Check Text ( C-42339r1_chk )
Check that /etc/pam.d/su and /etc/pam.d/su-l use pam_wheel.
# grep pam_wheel /etc/pam.d/su /etc/pam.d/su-l
If pam_wheel is not present, or is commented out, this is a finding.
Fix Text (F-38331r1_fix)
Edit /etc/pam.d/su and /etc/pam.d/su-l
Uncomment or add a line such as "auth required pam_wheel.so". If necessary, create a "wheel" group and add administrative users to the group.