Check: RHEL-09-212015
RHEL 9 STIG: RHEL-09-212015 (in versions v1 r3 through v1 r1)
Title
RHEL 9 must disable the ability of systemd to spawn an interactive boot process. (Cat II impact)
Discussion
Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.
Check Content
Verify that GRUB 2 is configured to disable interactive boot. Check that the current GRUB 2 configuration disables the ability of systemd to spawn an interactive boot process with the following command:

$ sudo grubby --info=ALL | grep args | grep 'systemd.confirm_spawn'

If any output is returned, this is a finding.
Fix Text
Configure RHEL 9 to disable the ability of systemd to spawn an interactive boot process with the following command:

$ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"
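The check above prints only the matching args lines, so it does not show which boot entry is affected. The following added example (not part of the STIG text) parses `grubby --info=ALL` output and names each kernel whose arguments contain `systemd.confirm_spawn`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-entry version of the check for RHEL-09-212015.

# find_confirm_spawn: read `grubby --info=ALL` output on stdin and print the
# kernel path of every boot entry whose args line contains
# systemd.confirm_spawn (same substring match as the STIG grep).
find_confirm_spawn() {
    awk '
        /^kernel=/ { kernel = $0; sub(/^kernel=/, "", kernel); gsub(/"/, "", kernel) }
        /^args=/   { if (index($0, "systemd.confirm_spawn") > 0) print kernel }
    '
}

# check_rhel_09_212015: return 0 when compliant, 1 (listing entries) on a finding.
check_rhel_09_212015() {
    hits=$(find_confirm_spawn)
    if [ -n "$hits" ]; then
        printf 'FINDING: systemd.confirm_spawn set for:\n%s\n' "$hits"
        return 1
    fi
    echo 'PASS: no boot entry sets systemd.confirm_spawn'
}

# Constructed sample of grubby output: entry 0 is clean, entry 1 is a finding.
sample_grubby_output() {
cat <<'EOF'
index=0
kernel="/boot/vmlinuz-5.14.0-100.el9.x86_64"
args="ro rhgb quiet audit=1"
root="/dev/mapper/rhel-root"
initrd="/boot/initramfs-5.14.0-100.el9.x86_64.img"
title="Constructed entry A"
index=1
kernel="/boot/vmlinuz-5.14.0-70.el9.x86_64"
args="ro rhgb quiet systemd.confirm_spawn=1"
root="/dev/mapper/rhel-root"
initrd="/boot/initramfs-5.14.0-70.el9.x86_64.img"
title="Constructed entry B"
EOF
}

# On a real host: sudo grubby --info=ALL | check_rhel_09_212015
sample_grubby_output | check_rhel_09_212015 || true
```

The non-zero return on a finding lets the function gate a compliance job or a post-remediation verification step.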
Additional Identifiers
Rule ID: SV-257788r925351_rule
Vulnerability ID: V-257788
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |