STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-4346

CAT II (Medium)

The Linux PAM system must not grant sole access to admin privileges to the first user who logs into the console.

Rule ID

SV-44665r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225CCI-000366

Discussion

If an unauthorized user has been granted privileged access while logged in at the console, the security posture of a system could be greatly compromised. Additionally, such a situation could deny legitimate root access from another terminal.

Check Content

Ensure the pam_console.so module is not configured in any files in /etc/pam.d by:

      # cd /etc/pam.d
      # grep pam_console.so *

Or

      #       ls –la /etc/security/console.perms

If either the pam_console.so entry or the file /etc/security/console.perms is found then this is a finding.

Fix Text

Ensure PAM is not configured to grant sole access of administrative privileges to the first user logged in at the console. Remove the console.perms file if it exists:
# rm /etc/security/console.perms