The Linux PAM system must not grant sole access to admin privileges to the first user who logs into the console.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4346 | GEN000000-LNX00600 | SV-44665r1_rule | Medium |
| Description |
|---|
| If an unauthorized user has been granted privileged access while logged in at the console, the security posture of a system could be greatly compromised. Additionally, such a situation could deny legitimate root access from another terminal. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Details
| Check Text ( C-42168r1_chk ) |
|---|
| Ensure the pam_console.so module is not configured in any files in /etc/pam.d by: # cd /etc/pam.d # grep pam_console.so * Or # ls –la /etc/security/console.perms If either the pam_console.so entry or the file /etc/security/console.perms is found then this is a finding. |
| Fix Text (F-38118r1_fix) |
|---|
| Ensure PAM is not configured to grant sole access of administrative privileges to the first user logged in at the console. Remove the console.perms file if it exists: # rm /etc/security/console.perms |