SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
An XCCDF Rule
Description
<VulnDiscussion>If the system allows a user to boot into single-user or maintenance mode without authentication, any user that invokes single-user or maintenance mode is granted privileged access to all system information. If the system is running in EFI mode, SLES 12 by default will use GRUB 2 EFI as the boot loader.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-217145r603262_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Note: If the system does not use UEFI, this requirement is Not Applicable.
Configure the SUSE operating system to encrypt the boot password.
Generate an encrypted (GRUB 2) password for a boot user with the following command: