STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Sep 2018

Bootloader authentication must be enabled to prevent users without privilege from gaining access to restricted file system resources.

DISA Rule

SV-100243r1_rule

Vulnerability Number

V-89593

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

VRAU-SL-000425

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following command:

# /usr/sbin/grub-md5-crypt

The command prompts for a password and, once it is supplied, outputs the password's MD5 hash.

Append the password to the "menu.lst" file by running the following command:

echo 'password --md5 <hash from grub-md5-crypt>' >> /boot/grub/menu.lst

Or use yast2 to set the bootloader password.

Open the Boot Loader Installation tab.

Click "Boot Loader Options".

Activate the Protect Boot Loader with Password option with a click and type in the password twice.

Click "OK" twice to save the changes.

Check Contents

To verify a boot password exists in /boot/grub/menu.lst, run the following command:

# grep password /boot/grub/menu.lst

The output should show the following:

password --encrypted $1$[rest-of-the-password-hash]

If it does not, this is a finding.
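
A stricter form of the grep check above, as an added example (not part of the STIG text or VMware's tooling): it ignores commented-out lines, requires an MD5-crypt ($1$) hash, accepts both the --md5 and --encrypted spellings that appear on this page, and reports whether the directive sits before the first title line. It assumes GRUB Legacy semantics, in which only a password directive in the global section restricts the menu editor and command line; the function name and the sample file are constructed.

```shell
#!/bin/sh
# check_grub_password FILE
#   prints "global" - active password directive before the first title line
#   prints "entry"  - active directive found only inside a title entry
#   prints "none"   - no active directive carrying an MD5-crypt ($1$) hash
# Returns 0 only for "global".
check_grub_password() {
    [ -r "$1" ] || { echo none; return 2; }
    result=$(awk '
        /^[ \t]*#/ { next }                      # commented-out lines never count
        tolower($1) == "title" { in_entry = 1; next }
        $1 == "password" && ($2 == "--md5" || $2 == "--encrypted") &&
        index($3, "$1$") == 1 {
            if (!in_entry) { print "global"; found = 1; exit }
            entry = 1                            # directive belongs to one boot entry
        }
        END { if (!found) print (entry ? "entry" : "none") }
    ' "$1")
    printf '%s\n' "$result"
    [ "$result" = "global" ]
}

# Constructed sample menu.lst: the directive was appended after the last
# title entry, which is where "echo ... >> menu.lst" places it.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# password --md5 $1$OLDSALT0$commentedOutConstructedHash
default 0
timeout 8
title SLES (constructed sample)
    kernel /boot/vmlinuz root=/dev/sda1
password --md5 $1$CONSTRUC$constructedExampleHashXX
EOF
check_grub_password "$demo" || true    # prints: entry
rm -f "$demo"
```

A result of "entry" or "none" warrants a manual look at where the directive sits in menu.lst before the check is recorded as passed.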

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3459
