Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Oracle Linux operating system must require authentication upon booting into single-user and maintenance modes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-221699 | OL07-00-010481 | SV-221699r603260_rule | Medium |
| Description |
|---|
| If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. |
| STIG | Date |
|---|---|
| Oracle Linux 7 Security Technical Implementation Guide | 2023-03-06 |
Details
| Check Text ( C-23414r419169_chk ) |
|---|
| Verify the operating system must require authentication upon booting into single-user and maintenance modes. Check that the operating system requires authentication upon booting into single-user mode with the following command: # grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" If "ExecStart" does not have "/usr/sbin/sulogin" as an option, this is a finding. |
| Fix Text (F-23403r419170_fix) |
|---|
| Configure the operating system to require authentication upon booting into single-user and maintenance modes. Add or modify the "ExecStart" line in "/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin": ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" |