STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-22308

CAT III (Low)

The system must restrict the ability to switch to the root user to members of a defined group.

Rule ID

SV-44899r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000009

Discussion

Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.

Check Content

Check that /etc/pam.d/su and /etc/pam.d/su-l use pam_wheel.
# grep pam_wheel /etc/pam.d/su /etc/pam.d/su-l
If pam_wheel is not present, or is commented out, this is a finding.

Fix Text

Edit /etc/pam.d/su and /etc/pam.d/su-l 
Uncomment or add a line such as "auth required pam_wheel.so".  If necessary, create a "wheel" group and add administrative users to the group.