STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The system boot loader must require authentication.

DISA Rule

SV-208843r603263_rule

Vulnerability Number

V-208843

Group Title

SRG-OS-000080

Rule Version

OL6-00-000068

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The grub boot loader should have password protection enabled to protect boot-time settings. To do so, select a password and then generate a hash from it by running the following command:

# grub-crypt --sha-512

When prompted, enter the password. Then insert the following line into "/boot/grub/grub.conf" immediately after the header comments, using the output from "grub-crypt" as the value of [password-hash]:

password --encrypted [password-hash]

Check Contents

To verify the boot loader password has been set and encrypted, run the following command:

# grep password /boot/grub/grub.conf

The output should show the following:

password --encrypted $6$[rest-of-the-password-hash]

If it does not, this is a finding.
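
The grep above also matches commented-out lines, plaintext passwords and "--md5" hashes, so its output still has to be compared by eye. The following is an added example, not part of the STIG or of STIGQter, that automates the comparison. The function names and sample configs are constructed for illustration, and requiring the line to appear before the first "title" entry is an assumption that is stricter than the STIG text:

```shell
#!/bin/sh
# Added example (not from the STIG): stricter form of the OL6-00-000068 check.
# Returns 0 when compliant, 1 when the result is a finding.
check_grub_password() {
    conf="${1:-/boot/grub/grub.conf}"
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    awk '
        $1 ~ /^#/        { next }     # ignore commented-out lines
        $1 == "title"    { exit }     # assumption: only the global section counts
        $1 == "password" {
            # Require --encrypted with a SHA-512 crypt hash ($6$ prefix).
            if ($2 == "--encrypted" && index($3, "$6$") == 1 && length($3) > 3)
                ok = 1
            else
                bad = 1               # plaintext, --md5, or missing hash
        }
        END {
            if (ok && !bad) {
                print "OK: boot loader password is set and SHA-512 hashed"
                exit 0
            }
            print "FINDING: no valid \"password --encrypted $6$...\" line before first title"
            exit 1
        }
    ' "$conf"
}

# Constructed sample configs; the hashes are placeholders, not real output
# from grub-crypt.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# grub.conf' 'default=0' \
        'password --encrypted $6$SALT$PLACEHOLDERHASH' \
        'title Oracle Linux' > "$d/good.conf"
    printf '%s\n' '# password --encrypted $6$SALT$PLACEHOLDERHASH' \
        'password --md5 $1$SALT$PLACEHOLDERHASH' \
        'title Oracle Linux' > "$d/bad.conf"
    check_grub_password "$d/good.conf" || true   # prints OK
    check_grub_password "$d/bad.conf"  || true   # prints FINDING
    rm -rf "$d"
}
demo
```

Run against the live file with: check_grub_password /boot/grub/grub.conf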

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2928

Comments