GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group.

Information

Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.

Solution

Edit /etc/pam.d/su and uncomment or add a line such as 'auth required pam_wheel.so'. If necessary, create a 'wheel' group and add administrative users to the group.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2c., 800-53|AC-3(7), CAT|III, CCI|CCI-000009, CCI|CCI-002169, Rule-ID|SV-218243r603259_rule, STIG-ID|GEN000850, STIG-Legacy|SV-64327, STIG-Legacy|V-22308, Vuln-ID|V-218243

Plugin: Unix

Control ID: 778a554deaf0b87d4ac23adafc2e09abca900d8e5c8a1b36f61a279ae6443e9a