UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The /etc/securetty file must have mode 0600 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-12040 GEN000000-LNX00660 SV-44700r1_rule Medium
Description
The securetty file contains the list of terminals permitting direct root logins. It must be protected from unauthorized modification.
STIG Date
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide 2018-09-19

Details

Check Text ( C-42204r1_chk )
Check /etc/securetty permissions.

Procedure:
# ls -lL /etc/securetty

If /etc/securetty has a mode more permissive than 0600, this is a finding.
Fix Text (F-38154r1_fix)
Change the mode of the /etc/securetty file to 0600.

Procedure:
# chmod 0600 /etc/securetty