RHEL 9 must disable the ability of systemd to spawn an interactive boot process.

An XCCDF Rule

Description

Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.

ID: SV-257788r1044838_rule
Version: RHEL-09-212015
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure the current GRUB 2 configuration to disable the ability of systemd to spawn an interactive boot process with the following command:

$ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"