SV-64397r1_rule
V-11979
GEN001020
GEN001020
CAT II
10
Enforce policy requiring all root account access is attained by first logging into a user account and then becoming root preferably through the use of "sudo" which provides traceability to the command level. If that is not workable then using "su" to access the root account will provide traceability to the login user.
Check if root is used for direct logins.
Procedure:
# last root | grep -v reboot
Direct logins are indicated by the presence of a terminal or pseudo-terminal ID and/or X display name in the output of the last command. If any direct login records for root are listed, this is a finding.
V-11979
False
GEN001020
Check if root is used for direct logins.
Procedure:
# last root | grep -v reboot
Direct logins are indicated by the presence of a terminal or pseudo-terminal ID and/or X display name in the output of the last command. If any direct login records for root are listed, this is a finding.
M
System Administrator
2207