Remote root logins (UNIX)

Module: Login Parameters

This check reports a problem when the root account can be accessed remotely through rlogin/telnet/ssh/scp. The root account should be accessed only through the system console.

The following table lists the error messages for the check.

Table: Error messages for Remote root logins

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_ROOTRLOGIN Category: Policy Compliance	UNIX (5257)	Title: Root can be accessed remotely Description:The root account can be accessed remotely through rlogin or telnet. The root account should be accessed only through the system console.	Severity: yellow-3 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Root accessible ttys: %s]
String ID: STKU_SECURETTY_MISSING Category: Policy Compliance	UNIX (5258)	Title: No tty security file Description:The tty security file is missing. This file lets you control the security of devices such as terminals, pseudo-terminals, and windows. Without this file, the root account can be accessed remotely through rlogin or telnet. You should create this file with security settings appropriate for your site.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_DEFAULT_LOGIN_MISSING Category: Policy Compliance	UNIX (5259)	Title: No default login configuration file exists Description:The system is missing the login configuration file. This file lets you control the default login behavior of terminals, pseudo-terminals, and windows. You should create this file with default values appropriate to your site. See the man page for login for additional information. You should also consider restricting root logins to the console device or to a terminal that is located in a physically secured area and directly connected to your system.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_ROOTRSSH Category: Policy Compliance	UNIX (5272)	Title: Root can be accessed remotely by SSH or SCP Description:The root account can be accessed remotely through SSH or SCP. The root account should be accessed only through the system console.	Severity: yellow-3 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_ROOTRLOGIN

Category: Policy Compliance

UNIX (5257)

Title: Root can be accessed remotely

Description:The root account can be accessed remotely through rlogin or telnet. The root account should be accessed only through the system console.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Root accessible ttys: %s]

String ID: STKU_SECURETTY_MISSING

Category: Policy Compliance

UNIX (5258)

Title: No tty security file

Description:The tty security file is missing. This file lets you control the security of devices such as terminals, pseudo-terminals, and windows. Without this file, the root account can be accessed remotely through rlogin or telnet. You should create this file with security settings appropriate for your site.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DEFAULT_LOGIN_MISSING

Category: Policy Compliance

UNIX (5259)

Title: No default login configuration file exists

Description:The system is missing the login configuration file. This file lets you control the default login behavior of terminals, pseudo-terminals, and windows. You should create this file with default values appropriate to your site. See the man page for login for additional information. You should also consider restricting root logins to the console device or to a terminal that is located in a physically secured area and directly connected to your system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_ROOTRSSH

Category: Policy Compliance

UNIX (5272)

Title: Root can be accessed remotely by SSH or SCP

Description:The root account can be accessed remotely through SSH or SCP. The root account should be accessed only through the system console.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]