STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must prevent the root account from logging in from virtual consoles.

DISA Rule

SV-208804r603263_rule

Vulnerability Number

V-208804

Group Title

SRG-OS-000109

Rule Version

OL6-00-000027

Severity

CAT II

CCI(s)

CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

Fix Recommendation

To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in "/etc/securetty":

vc/1
vc/2
vc/3
vc/4

Note: Virtual console entries are not limited to those listed above. Any lines starting with "vc/" followed by numerals should be removed.

Check Contents

To check for virtual console entries which permit root login, run the following command:

# grep '^vc/[0-9]' /etc/securetty

If any output is returned, then root logins over virtual console devices is permitted.
If root login over virtual console devices is permitted, this is a finding.

Vulnerability Number

V-208804

Documentable

False

Rule Version

OL6-00-000027

Severity Override Guidance

Check Content Reference

Target Key

2928

The system must prevent the root account from logging in from virtual consoles.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments