CIS recommendation 5.2.8 in version 2.2.0 of the RHEL 7 benchmark is that we should disable remote root logins. We have visited this example already in other guises, and here we will look specifically at the recommendations in the CIS Benchmark document to help us understand how this should be implemented.
The document states that, to audit for this requirement (and thus score this item), the following test result should be observed:
# grep "^PermitRootLogin" /etc/ssh/sshd_config PermitRootLogin no
Note that the command is intended for a human being to interpret the output of it—this command will return the PermitRootLogin line from this file, regardless of whether it is enabled or disabled. The text shows ...