STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The root account must not be used for direct log in.

DISA Rule

SV-64397r1_rule

Vulnerability Number

V-11979

Group Title

GEN001020

Rule Version

GEN001020

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

Enforce policy requiring all root account access is attained by first logging into a user account and then becoming root preferably through the use of "sudo" which provides traceability to the command level. If that is not workable then using "su" to access the root account will provide traceability to the login user.

Check Contents

Check if root is used for direct logins.

Procedure:
# last root | grep -v reboot

Direct logins are indicated by the presence of a terminal or pseudo-terminal ID and/or X display name in the output of the last command. If any direct login records for root are listed, this is a finding.

Vulnerability Number

V-11979

Documentable

False

Rule Version

GEN001020

Severity Override Guidance

Check if root is used for direct logins.

Procedure:
# last root | grep -v reboot

Direct logins are indicated by the presence of a terminal or pseudo-terminal ID and/or X display name in the output of the last command. If any direct login records for root are listed, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments