VID 14068
Severity 20
Port 22
Protocol TCP
Class LSC
Detailed Description The host system does not restrict use of the su command. Because any normal user can attempt to obtain root privileges through su, the su command should be usable only by explicitly permitted users.

* Platforms Affected:
UNIX, Linux
Recommendation Limit the users who can use the su command as follows
*Linux
1. Open /etc/pam.d/su and add the following 2 lines.
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
2. If the wheel group does not exist in /etc/group, add the wheel group as follows
groupadd wheel
3. Add the users who are allowed to use the su command to the wheel group in /etc/group
wheel:x:10:root,user1,user2
4. If the /etc/login.defs file exists, modify it as follows
SU_WHEEL_ONLY yes

*Solaris
1. If the wheel group does not exist in /etc/group, add the wheel group as follows
groupadd wheel
2. Change the su command's group and permission
chgrp wheel /usr/bin/su
chmod 4750 /usr/bin/su
3. Add the users who are allowed to use the su command as follows
usermod -G wheel user1

or
open /etc/pam.conf and add the following line.
su account required pam_sample.so.1 allow=user1, user2

*HP
1. Set the group that can use the su command in the /etc/default/security file as follows
SU_ROOT_GROUP=wheel
2. Create the group that can use the su command as follows
groupadd wheel
3. Change the su command's group and permission
chgrp wheel /usr/bin/su
chmod 4750 /usr/bin/su
4. Add the users who are allowed to use the su command as follows
usermod -G wheel user1

*AIX
1. Open the /etc/security/user file
2. Under the default: stanza, set the group that can use the su command
sugroups = [GROUP LIST]
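The following audit script is an added example, not part of the original advisory: it checks the Linux fix above offline by parsing a /etc/pam.d/su-style file for a required pam_wheel line and a /etc/group-style file for the members of the named group. The sample pam.d/su and group files are constructed inline under a temporary directory; on a real host point su_audit at /etc/pam.d/su and /etc/group.

```shell
#!/bin/sh
# Audit helper for VID 14068 (added example). Reports whether su is limited
# to a PAM group and lists who is in that group.

# 0 when the su stack carries a required/requisite pam_wheel.so line, else 1.
pam_su_restricted() {  # $1 = path to a pam.d/su-style file
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+(/lib/security/)?pam_wheel\.so' "$1"
}

# 0 when group $2 is defined in group file $1.
group_exists() {
    awk -F: -v g="$2" '$1 == g { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Print the member list of group $2 from group file $1 (empty if undefined).
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Verdict: "unrestricted", "group-missing", or "restricted:<group>:<members>".
su_audit() {  # $1 = pam.d/su-style file, $2 = group-style file
    pam="$1"; grp="$2"
    if ! pam_su_restricted "$pam"; then echo unrestricted; return 1; fi
    # pam_wheel defaults to the wheel group when no group= option is given.
    g=$(grep -Eo 'group=[^[:space:]]+' "$pam" | head -n 1 | cut -d= -f2)
    g=${g:-wheel}
    if ! group_exists "$grp" "$g"; then echo group-missing; return 1; fi
    echo "restricted:$g:$(group_members "$grp" "$g")"
}

# Constructed sample files: an unrestricted stack, the hardened stack from
# the recommendation, and a group file with the wheel group populated.
TMP=$(mktemp -d)
cat > "$TMP/su.weak" <<'EOF'
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_unix.so
EOF
cat > "$TMP/su.hardened" <<'EOF'
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
auth required /lib/security/pam_unix.so
EOF
cat > "$TMP/group" <<'EOF'
root:x:0:
wheel:x:10:root,user1,user2
users:x:100:
EOF

su_audit "$TMP/su.weak" "$TMP/group"      # prints: unrestricted
su_audit "$TMP/su.hardened" "$TMP/group"  # prints: restricted:wheel:root,user1,user2
```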