All, I'm having trouble determining whether to send these questions to this list or the gov-sec list. If anyone has advice, please share it with me.
That said, I'm working on updating my lockdown scripts for RHEL7 to meet the spirit of the law manifested in the RHEL6 STIG. One of the requirements in the RHEL6 STIG is that "The system must prevent the root account from logging in from virtual consoles." (Rule ID: SV-50293r1_rule) Their solution is to remove all lines that start with "vc" from /etc/securetty. RHEL7 has introduced their hypervisor virtual consoles as "hvc". Not being as familiar with the hypervisor technology as I probably should be, is there a consensus for whether the requirement necessitates removing those lines from securetty as well? Thanks! Tom Albrecht -- Tom Albrecht III, CISSP-ISSEP, GPEN Information Assurance Engineer Staff Cyber & Security Solutions Team (CaS2T) Lockheed Martin Corporation, IS&GS [email protected]<mailto:[email protected]> (m) 484-798-0109 (w) 610-354-7424
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
