security checks have flagged a vulnerability as below on Exadata Machine running Linux 7.9:
"Anonymous root logins should only be allowed from system console. /etc/securetty allows you to specify on which tty's and virtual consoles root is allowed to login. The tty and vc's listed in this file will allow root to login on certain tty's and VC's. On other tty or vc's root user will not be allowed and user has to su to become root.
Following entries in /etc/securetty may allow anonymous root logins: ttyS0hvc0"
Our current config file is as below. Can you confirm the implications of removing any of the below from the file? I understand we require tty1 For ILOM access to root, what about the others?
[root@server~]# cat /etc/securetty
console
tty1
ttyS0
hvc0
Can we safely remove any of the entries which have been flagged safely without breaking functionality? Also when making changes to the /etc/securetty file would this require a reboot of any services?
Any help would be appreciated?