GEN000850 - The system must restrict the ability to switch to the root user to members of a defined group.

Information

Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.

Solution

Edit /etc/pam.d/su and uncomment or add a line such as 'auth required pam_wheel.so'. If necessary, create a 'wheel' group and add administrative users to the group.

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2c., CAT|III, CCE|CCE-15047-4, CCI|CCI-000009, Group-ID|V-22308, Rule-ID|SV-37345r1_rule, STIG-ID|GEN000850, Vuln-ID|V-22308

Plugin: Unix

Control ID: 6e2b35b25d0af6c35bdf5e5782fb1d574f5e0bec3c06d08793220ec367b0a14b