Root Access

root_login_from_console

This built-in function ensures that the “root” user can only directly log into the remote system through the physical console.

The rationale behind this check is that good administrative practices disallow the direct use of the root account so that access can be traced to a specific person. Instead, use a generic user account (member of the wheel group on BSD systems) then use “su” (or sudo) to elevate privileges to perform administrative tasks.

Operating System	Implementation
Linux and HP-UX	Make sure that `/etc/securetty` exists and only contains “console”.
Solaris	Make sure that `/etc/default/login` contains the line `CONSOLE=/dev/console`.
macOS	This option is not supported.

Usage

<item>

name: "root_login_from_console"

description: "This check makes sure that root can only log in from the system console (not remotely)."

</item>