Disable Direct Logins as Root

By default, the hardened appliances allow you to use the console to log in directly as root. As a security best practice, you can disable direct logins after you create an administrative account for nonrepudiation and test it for wheel access by using the su - root command.

Prerequisites

Complete the steps in the topic called Create a Local Administrative Account for Secure Shell.
Verify that you have tested accessing the system as an administrator before you disable direct root logins.

Procedure

Log in as root and navigate to the /etc/securetty file.
You can access this file from the command prompt.
Replace the tty1 entry with console.