AlmaLinux OS 9 must disable the ability of systemd to spawn an interactive boot process.
An XCCDF Rule
Description
Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.
- ID
- SV-269199r1050081_rule
- Version
- ALMA-09-013550
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure AlmaLinux OS 9 to disable the ability of systemd to spawn an interactive boot process with the following command:
$ grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"