AlmaLinux OS 9 must require a boot loader password.
An XCCDF Rule
Description
Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.
- ID
- SV-269137r1050019_rule
- Version
- ALMA-09-006290
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure AlmaLinux OS 9 to require a grub bootloader password for the grub superuser account.
Generate an encrypted grub2 password for the grub superuser account with the following command:
$ grub2-setpassword
Enter password:
Confirm password: