Red Hat Enterprise Linux 8 STIG Version Comparison

Red Hat Enterprise Linux 8 Security Technical Implementation Guide

Comparison

There are 351 differences between versions v1 r0.1 (May 11, 2020) (the "left" version) and v1 r2 (April 23, 2021) (the "right" version).

Check RHEL-08-010151 was added to the benchmark in the "right" version.

This check's original form is available here.

Text Differences

Title

RHEL 8 operating systems must require authentication upon booting into emergency or rescue modes.

Check Content

Check to see if the system requires authentication for rescue or emergency mode with the following command: $ sudo grep sulogin-shell /usr/lib/systemd/system/rescue.service ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue If the "ExecStart" line is configured for anything other than "/usr/lib/systemd/systemd-sulogin-shell rescue", commented out, or missing, this is a finding.

Discussion

If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.

Fix

Configure the system to require authentication upon booting into emergency or rescue mode by adding the following line to the "/usr/lib/systemd/system/rescue.service" file. ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue