TOC & Recently Viewed

Recently Viewed Topics

Root Access


This built-in function ensures that the “root” user can only directly log into the remote system through the physical console.

The rationale behind this check is that good administrative practices disallow the direct use of the root account so that access can be traced to a specific person. Instead, use a generic user account (member of the wheel group on BSD systems) then use “su” (or sudo) to elevate privileges to perform administrative tasks.

Operating System


Linux and HP-UX

Make sure that /etc/securetty exists and only contains “console”.


Make sure that /etc/default/login contains the line CONSOLE=/dev/console.

Mac OS X

This option is not supported.



name: "root_login_from_console"

description: "This check makes sure that root can only log in from the system console (not remotely)."


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.