Under GLBA, HIPAA, PCI, SOX, and FFIEC, an organization must be able to demonstrate that it controls its privileged users: it must know who holds master passwords and be able to track what those users do.
Recommendations:
Do not use shared privileged accounts such as root or admin.
Do not use hard-coded privileged accounts.
Avoid using privileged accounts such as root for installation and configuration; use sudo to gain privileges instead.
Do not use shared privileged accounts (admin or root) to log in remotely through SSH to any node. Disable remote login for privileged accounts in sshd_config:
PermitRootLogin no
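As an added example (not part of the original recommendations), a POSIX shell check that reads the effective global PermitRootLogin value from an sshd_config file the way sshd does: the first occurrence wins, keywords are case-insensitive, and a setting inside a Match block does not change the global value. The sample config files are constructed here, and the prohibit-password default assumes OpenSSH 7.0 or later.

```shell
#!/bin/sh
# Added example: audit the effective global PermitRootLogin value in an
# sshd_config file. Mirrors sshd's parsing rules: '#' starts a comment,
# keywords are case-insensitive, "key value" and "key=value" are both
# accepted, the FIRST occurrence wins, and anything after a "Match" line is
# conditional and does not change the global setting.
effective_permit_root_login() {
    awk '
        { sub(/[#].*/, ""); sub(/=/, " "); $0 = $0 }  # drop comments, normalise key=value, re-split
        NF == 0 { next }                              # skip blank lines
        tolower($1) == "match" { exit }               # conditional section: stop reading
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" } # compiled-in default, OpenSSH >= 7.0 (assumption)
    ' "$1"
}

# Succeeds only when remote root login is fully disabled, as the page recommends.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample configs to exercise the check (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
Port 22
PermitRootLogin no
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
permitrootlogin = yes
PermitRootLogin no
EOF
cat > "$SAMPLE_DIR/unset.conf" <<'EOF'
#PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF

# Report each sample: the second line of weak.conf is ignored because sshd keeps the
# first value it sees, and the scoped value in unset.conf leaves the default in force.
for f in "$SAMPLE_DIR/hardened.conf" "$SAMPLE_DIR/weak.conf" "$SAMPLE_DIR/unset.conf"; do
    if root_login_disabled "$f"; then verdict=OK; else verdict=REVIEW; fi
    printf '%s: PermitRootLogin=%s [%s]\n' "$(basename "$f")" "$(effective_permit_root_login "$f")" "$verdict"
done
```

On a live host, `sshd -T` prints the value sshd actually compiled from the main file and every Include, which this single-file parser does not follow.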