Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-244523 | RHEL-08-010152 | SV-244523r743818_rule | Medium |
Description |
---|
If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 8 Security Technical Implementation Guide | 2023-12-01 |
Check Text ( C-47798r743816_chk ) |
---|
Check to see if the system requires authentication for emergency mode with the following command: $ sudo grep sulogin-shell /usr/lib/systemd/system/emergency.service ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency If the "ExecStart" line is configured for anything other than "/usr/lib/systemd/systemd-sulogin-shell emergency", commented out, or missing, this is a finding. |
Fix Text (F-47755r743817_fix) |
---|
Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file. ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency |