STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must not permit root logins using remote access programs such as ssh.

DISA Rule

SV-208925r603263_rule

Vulnerability Number

V-208925

Group Title

SRG-OS-000109

Rule Version

OL6-00-000237

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

The root user should never be allowed to log in to a system directly over a network. To disable root login via SSH, add or correct the following line in "/etc/ssh/sshd_config":

PermitRootLogin no

Check Contents

To determine how the SSH daemon's "PermitRootLogin" option is set, run the following command:

# grep -i PermitRootLogin /etc/ssh/sshd_config

If a line indicating "no" is returned, then the required value is set.
If the required value is not set, this is a finding.

Vulnerability Number

V-208925

Documentable

False

Rule Version

OL6-00-000237

Severity Override Guidance

To determine how the SSH daemon's "PermitRootLogin" option is set, run the following command:

# grep -i PermitRootLogin /etc/ssh/sshd_config

If a line indicating "no" is returned, then the required value is set.
If the required value is not set, this is a finding.

Check Content Reference

M

Target Key

2928

Comments