STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must prevent direct login into the root account.

DISA Rule

SV-219168r610963_rule

Vulnerability Number

V-219168

Group Title

SRG-OS-000109-GPOS-00056

Rule Version

UBTU-18-010036

Severity

CAT II

CCI(s)

• CCI-000770 - The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to prevent direct logins to the root account by performing the following operations:

sudo passwd -l root

Check Contents

Verify the Ubuntu operating system prevents direct logins to the root account.

Check that the Ubuntu operating system prevents direct logins to the root account with the following command:

# sudo passwd -S root

root L 11/11/2017 0 99999 7 -1

If the output does not contain "L" in the second field to indicate the account is locked, this is a finding.

Vulnerability Number

V-219168

Documentable

False

Rule Version

UBTU-18-010036

Severity Override Guidance

Verify the Ubuntu operating system prevents direct logins to the root account.

Check that the Ubuntu operating system prevents direct logins to the root account with the following command:

# sudo passwd -S root

root L 11/11/2017 0 99999 7 -1

If the output does not contain "L" in the second field to indicate the account is locked, this is a finding.

Check Content Reference

M

Target Key

4055

Comments