Root Access


This built-in function ensures that the “root” user can only directly log into the remote system through the physical console.

The rationale behind this check is that good administrative practices disallow the direct use of the root account so that access can be traced to a specific person. Instead, use a generic user account (member of the wheel group on BSD systems) then use “su” (or sudo) to elevate privileges to perform administrative tasks.

Operating System


Linux and HP-UX

Make sure that /etc/securetty exists and only contains “console”.


Make sure that /etc/default/login contains the line CONSOLE=/dev/console.


This option is not supported.



name: "root_login_from_console"

description: "This check makes sure that root can only log in from the system console (not remotely)."