UCF STIG Viewer Logo

The /etc/securetty file must be group-owned by root, sys, or bin.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12038 GEN000000-LNX00620 SV-44669r1_rule Medium
Description
The securetty file contains the list of terminals permitting direct root logins. It must be protected from unauthorized modification.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text ( C-42172r1_chk )
Check /etc/securetty group ownership:

# ls –lL /etc/securetty

If /etc/securetty is not group owned by root, sys, or bin, then this is a finding.
Fix Text (F-38122r1_fix)
Change the group-owner of /etc/securetty to root, sys, or bin.
Example:
# chgrp root /etc/securetty