Check: OL08-00-010152
Oracle Linux 8 STIG:
OL08-00-010152
(in versions v1 r10 through v1 r1)
Title
OL 8 operating systems must require authentication upon booting into emergency mode. (Cat II impact)
Discussion
If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.
Check Content
Determine if the system requires authentication for emergency mode with the following command: $ sudo grep sulogin-shell /usr/lib/systemd/system/emergency.service ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency If the "ExecStart" line is configured for anything other than "/usr/lib/systemd/systemd-sulogin-shell emergency" or is commented out or missing, this is a finding.
Fix Text
Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file: ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
Additional Identifiers
Rule ID: SV-248542r779192_rule
Vulnerability ID: V-248542
Group Title: SRG-OS-000080-GPOS-00048
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000213 |
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 |
Access Enforcement |