Profile Applicability:
• Level 1
Description:
Ensuring that the root account has a password set prevents unauthorized access to the highest-privilege account on the system, protecting system integrity and security.
Rationale:
A root account without a password allows unrestricted access, posing a severe security risk. Setting a strong password enforces authentication and limits access to authorized users only.
Impact:
Pros:
Protects critical system functions by securing the root account.
Supports compliance with security policies.
Cons:
If the password is forgotten, administrative access can be lost.
Default Value:
By default, the root account password may be unset or locked depending on the system configuration.
Pre-requisites:
Physical or administrative access to the system to set the password.
Remediation:
Test Plan:
Using Linux command line:
- Check if the root account has a password set:
sudo passwd -S root
The output should indicate if the password is set (e.g., P for password set, L for locked).
Implementation Plan:
Using Linux command line:
- Set or reset the root password:
sudo passwd root
Follow prompts to enter a strong password.
Backout Plan:
Using Linux command line:
- If needed, lock the root account temporarily:
sudo passwd -l root
Verify lock status with passwd -S root.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
passwd Manual