STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must prevent the root account from logging in from serial consoles.

DISA Rule

SV-208805r603263_rule

Vulnerability Number

V-208805

Group Title

SRG-OS-000109

Rule Version

OL6-00-000028

Severity

CAT III

CCI(s)

CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

Fix Recommendation

To restrict root logins on serial ports, ensure lines of this form do not appear in "/etc/securetty":

ttyS0
ttyS1

Note: Serial port entries are not limited to those listed above. Any lines starting with "ttyS" followed by numerals should be removed.

Check Contents

To check for serial port entries which permit root login, run the following command:

# grep '^ttyS[0-9]' /etc/securetty

If any output is returned, then root login over serial ports is permitted.
If root login over serial ports is permitted, this is a finding.

Vulnerability Number

V-208805

Documentable

False

Rule Version

OL6-00-000028

Severity Override Guidance

Check Content Reference

Target Key

2928

The system must prevent the root account from logging in from serial consoles.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments