5.4.2.4 Ensure root account access is controlled

Information

There are a number of methods to access the root account directly. Without a password set any user would be able to gain access and thus control over the entire system.

Access to root should be secured at all times.

Solution

Run the following command to set a password for the root user:

# passwd root

- OR -

Run the following command to lock the root user account:

# usermod -L root

Impact:

If there are any automated processes that relies on access to the root account without authentication, they will fail after remediation.

See Also

https://workbench.cisecurity.org/benchmarks/18210