The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes.

An XCCDF Rule

Details
Profiles

Description

If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system.

ID: SV-204437r603261_rule
Version: RHEL-07-010481
Severity: Medium
References: CCI-000213
Updated: 4 days ago

Remediation Templates

Configure the operating system to require authentication upon booting into single-user and maintenance modes.

Add or modify the "ExecStart" line in "/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin":

ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"

The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes.

Description

Remediation Templates

A Manual Procedure