OL08-00-010140 – OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.

Details

If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.

Solution

Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the ‘/boot/efi/EFI/redhat/user.cfg’ file.

Generate an encrypted grub2 password for the grub superusers account with the following command:

$ sudo grub2-setpassword
Enter password:
Confirm password:

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V1R1_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-3
CAT|I
CCI|CCI-000213
Rule-ID|SV-248537r779177_rule
STIG-ID|OL08-00-010140
Vuln-ID|V-248537

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles