Restrict Console Device Access

The default system configuration grants the console user enhanced privileges
normally reserved for the root user, including temporary ownership of most system devices.

If not necessary, these privileges should be removed and restricted to root only.

Restrict device ownership to root only.
Edit /etc/security/console.perms.d/50-default.perms and locate the section prefaced by the following comment:

# permission definitions

Prepend a # symbol to comment out each line in that section that starts with <console> or <xconsole>.

Edit /etc/security/console.perms and make the following changes:

<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0
<xconsole>=:0\.[0-9] :0
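
The two edits above can be scripted and checked. The following is an added example, not part of the original guide: it runs against constructed sample text rather than the files in /etc, the function names are hypothetical, and it assumes that the permission definitions section runs to the end of the file and that class names appear in angle brackets (<console>, <xconsole>) as pam_console writes them.

```shell
#!/bin/sh
# Added example: works on constructed sample text, never touches /etc.

CONSOLE_DEF='<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :0\.[0-9] :0'
XCONSOLE_DEF='<xconsole>=:0\.[0-9] :0'

# Step 1: comment out <console>/<xconsole> rules after "# permission definitions".
# Assumption: that section runs to the end of the file.
comment_console_rules() {
    sed '/^# permission definitions/,$ {
        s/^<console>/#&/
        s/^<xconsole>/#&/
    }'
}

# Step 2: replace the <console> and <xconsole> class definitions.
set_console_classes() {
    while IFS= read -r line; do
        case $line in
            '<console>='*)  printf '%s\n' "$CONSOLE_DEF" ;;
            '<xconsole>='*) printf '%s\n' "$XCONSOLE_DEF" ;;
            *)              printf '%s\n' "$line" ;;
        esac
    done
}

# Check: count console rules still active in the permission section.
active_console_rules() {
    awk '/^# permission definitions/ {s = 1}
         s && /^<x?console>/ {n++}
         END {print n + 0}'
}

# Constructed sample input (not copied from a real system).
SAMPLE_DEFAULT='# device classes
<floppy>=/dev/fd[0-1]*
<sound>=/dev/dsp* /dev/audio*

# permission definitions
<console>  0660 <floppy>  0660 root.floppy
<console>  0600 <sound>   0600 root
<xconsole> 0600 /dev/console 0600 root.root'
SAMPLE_PERMS='<console>=tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
<xconsole>=:[0-9]\.[0-9] :[0-9]'

printf '%s\n' "$SAMPLE_DEFAULT" | comment_console_rules
printf '%s\n' "$SAMPLE_PERMS" | set_console_classes
```

To use it on a real system, feed each function a backup copy of the corresponding file and confirm that active_console_rules reports 0 before installing the result.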
