STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must prevent direct logon into the root account.

DISA Rule

SV-100343r1_rule

Vulnerability Number

V-89693

Group Title

SRG-OS-000109-GPOS-00056

Rule Version

VRAU-SL-000705

Severity

CAT I

CCI(s)

CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

Fix Recommendation

Configure the SLES for vRealize to prevent direct logons to the "root" account by performing the following operations:

Add this line to the /etc/group file:

admin:x:[UNIQUE_NUMBER]:[USERNAME]

USERNAME is the user to be added to the admin group.
UNIQUE_NUMBER is a number entered into the ID field of an entry that is unique to all other IDs in the file.

Comment out the following lines in /etc/sudoers file:
Default targetpw
ALL ALL=(ALL) ALL

Under the line in the /etc/sudoers file:

root ALL=(ALL) All

Add the following line:

%admin ALL=(ALL) ALL

Run the following command:

# passwd -d root

Check Contents

Verify the SLES for vRealize prevents direct logons to the "root" account by running the following command:

# grep root /etc/shadow | cut -d "":"" -f 2

If the returned message contains any text, this is a finding.

The SLES for vRealize must prevent direct logon into the root account.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments