Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If LILO is the authorized boot loader for the system, a global password must be defined in /etc/lilo.conf.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4252 | GEN000000-LNX00180 | SV-4252r2_rule | IAIA-1 IAIA-2 | High |
| Description |
|---|
| If LILO has been approved for use, it must be password protected to prevent malicious booting into single user mode and to prevent booting of an insecure operating system. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-2076r2_chk ) |
|---|
| Check for the password to precede the first image stanza in /etc/lilo.conf: # more /etc/lilo.conf password=”” image=/boot/vmlinuz-2.4.20-6smp If a password is not found, then this is a finding. |
| Fix Text (F-4163r2_fix) |
|---|
| Password protect LILO by including the password=password line to the global section of /etc/lilo.conf. |