STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.

DISA Rule

SV-234819r622137_rule

Vulnerability Number

V-234819

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

SLES-15-010190

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Note: If the system does not use a BIOS, this requirement is Not Applicable.

Configure the SUSE operating system to encrypt the boot password.

Generate an encrypted (GRUB2) password for root with the following command:

> grub2-mkpasswd-pbkdf2
Enter Password:
Reenter Password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.MFU48934NJD84NF8NSD39993JDHF84NG

Using the hash from the output, modify the "/etc/grub.d/40_custom" file and add the following two lines to add a boot password for the root entry:

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.VeryLongString

Generate an updated "grub.conf" file with the new password using the following commands:

> sudo grub2-mkconfig --output=/tmp/grub2.cfg
> sudo mv /tmp/grub2.cfg /boot/grub2/grub.cfg

Check Contents

Verify that the SUSE operating system has set an encrypted root password.

Note: If the system does not use a BIOS, this requirement is Not Applicable.

Check that the encrypted password is set for root with the following command:

> sudo cat /boot/grub2/grub.cfg | grep -i password

password_pbkdf2 root grub.pbkdf2.sha512.10000.VeryLongString

If the root password entry does not begin with "password_pbkdf2", this is a finding.
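
The check above as a script, added here as an example and not part of the STIG text or of STIGQter. It goes beyond the manual grep: it also reports a clear-text "password" directive and a missing "set superusers" line (the Fix text adds both lines together). The function name check_grub_password and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): audit a GRUB2 config for SLES-15-010190.
# Returns 0 = compliant, 1 = finding, 2 = file unreadable.
check_grub_password() {
    cfg="${1:-/boot/grub2/grub.cfg}"
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }

    # Collect password directives with leading whitespace stripped;
    # commented-out lines start with '#' and therefore never match.
    entries=$(sed 's/^[[:space:]]*//' "$cfg" | grep -E '^password(_pbkdf2)?[[:space:]]' || true)
    if [ -z "$entries" ]; then
        echo "FINDING: no boot password directive in $cfg"; return 1
    fi
    # A plain "password" directive keeps the secret in clear text.
    if printf '%s\n' "$entries" | grep -qE '^password[[:space:]]'; then
        echo "FINDING: clear-text password directive in $cfg"; return 1
    fi
    # Each entry must read: password_pbkdf2 <user> grub.pbkdf2.sha512.<iterations>.<rest>
    pat='^password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.sha512\.[0-9]+\.[^[:space:]]+'
    if printf '%s\n' "$entries" | grep -vqE "$pat"; then
        echo "FINDING: malformed password_pbkdf2 entry in $cfg"; return 1
    fi
    # Beyond the STIG check: GRUB2 only enforces authentication when
    # "set superusers" is present, as the Fix text requires.
    if ! grep -qE '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo "FINDING: superusers not set in $cfg"; return 1
    fi
    echo "OK: $cfg"; return 0
}

# Constructed sample configs (not taken from a real system).
demo=$(mktemp -d)
printf 'set superusers="root"\npassword_pbkdf2 root grub.pbkdf2.sha512.10000.VeryLongString\n' > "$demo/good.cfg"
printf 'set superusers="root"\npassword root changeme\n' > "$demo/plain.cfg"
printf '# password_pbkdf2 root grub.pbkdf2.sha512.10000.VeryLongString\n' > "$demo/commented.cfg"
for f in good plain commented; do
    check_grub_password "$demo/$f.cfg" || true
done
rm -rf "$demo"
```

Run with no argument (as root) to audit /boot/grub2/grub.cfg on the system itself.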

Documentable

False

Check Content Reference

M

Target Key

5274
