Disable SSH Root Login
The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no.
[no/yes]
Disallowing root logins over SSH requires server admins to authenticate using their own individual account, then escalating to root via sudo or su. This in turn limits opportunity for non-repudiation and provides a clear audit trail in the event of a security incident
Fix:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
PermitRootLogin no
oval:org.secpod.oval:def:55101
SCAP Repo OVAL Definition
2019-06-19