[Forgot Password]
Login  Register Subscribe

25354

 
 

132805

 
 

139176

 
 

909

 
 

113006

 
 

156

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90923-4

Platform: rhel7,centos7Date: (C)2017-06-29   (M)2020-01-20



Set Boot Loader Password The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. To do so, select a superuser account and password and add them into the appropriate grub2 configuration file(s) under '/etc/grub.d'. Since plaintext passwords are a security risk, generate a hash for the pasword by running the following command: '$ grub2-mkpasswd-pbkdf2' When prompted, enter the password that was selected and insert the returned password hash into the appropriate grub2 configuration file(s) under '/etc/grub.d' immediately after the superuser account. (Use the output from 'grub2-mkpasswd-pbkdf2' as the value of


Parameter:


Technical Mechanism: Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode. For more information on how to configure the grub2 superuser account and password, please refer to https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-GRUB_2_Password_Protection.html . Fix: No Remediation Info

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30579
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31302


OVAL    2
oval:org.secpod.oval:def:30579
oval:org.secpod.oval:def:31302

© SecPod Technologies