Skip to content

5.4.2.4 Ensure root account access is controlled

Audit#

Run the following command to verify that either the root user's password is set or the root user's account is locked: 

# passwd -S root | awk '$2 ~ /^(P|L)/ {print "User: \"" $1 "\" Password is status: " $2}'

Verify the output is either: 

User: "root" Password is status: P
- OR -
User: "root" Password is status: L
Note: - P - Password is set - L - Password is locked

Remediation#

Run the following command to set a password for the root user: 

# passwd root

- OR - Run the following command to lock the root user account: 

# usermod -L root