STIG V-ID 38494 specifies that serial console devices should be omitted from /etc/securetty. This is easily enough accomplished in any given CM framework by scanning the file and nuking any
entries. Unfortunately, when you reboot an EL6 system, upstart puts any GRUB-specified console entries back.
I've tried creating an /etc/login/serial.override file and omitting the /sbin/securetty and fedora.serial-console-available entries. Similarly tried creating an /etc/init/ttyS0.conf
line with those entry points omitted. In either case, after reboot, ttyS0 is placed back into /etc/securetty.
Short of nuking the offending ttyS* entries and then doing a chattr -i /etc/securetty, is there any
better way to prevent the entries from coming back? I'd really rather avoid the
work-around.
Responses