AlmaLinux OS 9 must restrict the use of the "su" command.

STIG ID: ALMA-09-032470  |  SRG: SRG-OS-000109-GPOS-00056 |  Severity: medium |  CCI: CCI-004045,CCI-002165 |  Vulnerability Id: V-269363

Vulnerability Discussion

The "su" program provides a "switch user" capability. It is commonly used to become root but can be used to switch to any user.

Limiting access to such commands is considered a good security practice.

Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000312-GPOS-00124, SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123

Check

Verify that AlmaLinux OS 9 requires uses to be members of the "wheel" group with the following command:

$ grep pam_wheel /etc/pam.d/su

auth required pam_wheel.so use_uid

If a line for "pam_wheel.so" does not exist, or is commented out, this is a finding.

Fix

Configure AlmaLinux OS 9 to require users to be in the "wheel" group to run "su" command.

In the "/etc/pam.d/su" file, uncomment the "pam_wheel.so" line as per the instructions in the file:

# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid

If necessary, create a "wheel" group and add administrative users to the group.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.