GEN000980 - The system must prevent the root account from directly logging in except from the system console.

Information

Limiting the root account direct logins to only system consoles protects the root account from direct unauthorized access from a non-console device.

Solution

The root account can be protected from non-console device logins by setting rlogin = false in the root: stanza of the /etc/security/user file.

#chsec -f /etc/security/user -s root -a rlogin=false

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(5), CAT|II, CCI|CCI-000770, Group-ID|V-778, Rule-ID|SV-38683r1_rule, STIG-ID|GEN000980, Vuln-ID|V-778

Plugin: Unix

Control ID: 5b734062c59c5d6bb5eedc1037a99f695d28be34ca9a2c1c64263ee00c730a8a