Include warning about the pam_securetty.so PAM module #9348
Conversation
The no_direct_root_logins rule checks and remediate the /etc/securetty file, which is used by the pam_securetty.so module. Currently, this module is no longer enabled by default in many distros. It was included a warning message to make the user aware of this, since the /etc/securetty file is useless without the pam_securetty.so module properly enabled.
marcusburghardt
added
the
Update Rule
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
Code Climate has analyzed commit 31492f1 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 42.7% (0.0% change). View more on Code Climate. |
|
|
||
| <ind:textfilecontent54_object id="object_etc_securetty_exists" version="1" | ||
| comment="/etc/securetty file exists"> |
There was a problem hiding this comment.
Small nitpick: We usually avoid checking whitespace changes in, because it just adds noise during the review, the reviewer needs to examine what exactly changes there. Don't remove them now but try avoiding it in future PRs.
There was a problem hiding this comment.
I'm aware @jan-cerny . Since it was a very small change I chose to keep them with the other changes.
Description:
The
no_direct_root_loginsrule checks and remediate the/etc/securettyfile, which is used by thepam_securetty.somodule. Currently, this module is no longer enabled by default in many distros. It was included a warning message to make the user aware of this, since the/etc/securettyfile is useless without thepam_securetty.somodule properly enabled.Rationale:
Increase awareness for the users