9.1 Check for Remote Consoles

Information

The consadm command can be used to select or display alternate console devices.

Since the system console has special properties to handle emergency situations, it is
important to ensure that the console is in a physically secure location and that
unauthorized consoles have not been defined. The 'consadm -p' command displays any
alternate consoles that have been defined as auxiliary across reboots. If no remote consoles
have been defined, there will be no output from this command.

Solution

Perform the following to implement the recommended state-# /usr/sbin/consadm [-d device...]

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(3)

Plugin: Unix

Control ID: 1efdb058718baa140ecff373c9c35e55d65406c88aa06907caddccc4dd8a0ecc