This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes.

STIG ID: RHEL-07-010481  |  SRG: SRG-OS-000080-GPOS-00048 |  Severity: medium (CAT II)  |  CCI: CCI-000213 |  Vulnerability Id: V-204437

Vulnerability Discussion

If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system.

Check

Verify the operating system must require authentication upon booting into single-user and maintenance modes.

Check that the operating system requires authentication upon booting into single-user mode with the following command:

# grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin

ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"

If "ExecStart" does not have "/usr/sbin/sulogin" as an option, this is a finding.

Fix

Configure the operating system to require authentication upon booting into single-user and maintenance modes.

Add or modify the "ExecStart" line in "/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin":

ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.