When logging in to your account, it is safest to use the same computer or mobile phone and the same browser each time. If you frequently sign in to your account on different devices through different browsers, your account activity may be considered suspicious and the service provider will disable your account.
The file /etc/securetty contains a list of valid terminals that may be logged in directly as root. Rationale: Since the system console has special properties to handle emergency situations, it is important to ensure that the console is in a physically secure location …
Table of Contents. 5.5 Ensure root login is restricted to system console (Not Scored) Profile Applicability. Description. Rationale. Audit. Remediation.
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su command will only allow users in the wheel group to execute su.
The above changes will not restrict a direct root login via console, as that is not ssh. Disable direct root login via console: to achieve this, clear the contents of “/etc/securetty”. By default, this file lists all the terminals on which a direct root login would be allowed.
Restricting Superuser (root) Access on the Console. The superuser account is used by the operating system to accomplish basic functions, and has wide-ranging control over the entire operating system. The superuser account has access to and can execute essential system programs.
Jun 11, 2010 · The requirement to disable root login on console suggests that your server’s physical environment is not secure. Fix that first. You can then e.g. point at the big, secure lock in the door of the server cabinet and say "*That* is what prevents root logins on the console."
May 02, 2015 · 5.5 Ensure root login is restricted to system console (Not Scored) 5.2.2 Ensure SSH Protocol is set to 2 (Scored) … If a system administrator wants to restrict user access further by only allowing the allowed users to log in from a particular host, the entry can be specified in the form of user@host. … Restricting which users can remotely …
5.5 Ensure root login is restricted to system console (Not Scored) 5.4.4 Ensure default user umask is 027 or more restrictive (Scored) … 5.4.4 Ensure default user umask is 027 or more restrictive (Scored) Profile Applicability … A default umask setting of 077 causes files and directories created by users to not be readable by any other user …
5.5 – Ensure root login is restricted to system console (Not Scored) Remediation. Some remediation scripts are also included; however, use them at your own risk. While most of the scripts would correct the problem, they could cause outages on your system, so be sure to have a proper rollback plan before you execute the scripts. Acknowledgement
Mar 25, 2008 · You may have more or less on your machine. Run "ps -ef |grep tty" to find out exactly what you have. Be sure you test before putting in production – i.e. login via ssh (should be a "pts" port), su to root, make change, maintain this connection, and check console access. Also check another ssh connection. If it works as expected, you should be OK.