If LILO is the authorized boot loader for the system, a global password must be defined in /etc/lilo.conf.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4252 | GEN000000-LNX00180 | SV-4252r2_rule | IAIA-1 IAIA-2 | High |
| Description |
|---|
| If LILO has been approved for use, it must be password protected to prevent malicious booting into single user mode and to prevent booting of an insecure operating system. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-2076r2_chk ) |
|---|
| Check for the password to precede the first image stanza in /etc/lilo.conf: # more /etc/lilo.conf password=”” image=/boot/vmlinuz-2.4.20-6smp If a password is not found, then this is a finding. |
| Fix Text (F-4163r2_fix) |
|---|
| Password protect LILO by including the password=password line to the global section of /etc/lilo.conf. |