STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018

Bootloader authentication must be enabled to prevent users without privilege from gaining access to restricted file system resources.

DISA Rule

SV-99131r1_rule

Vulnerability Number

V-88481

Group Title

SRG-OS-000080-GPOS-00048

Rule Version

VROM-SL-000420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following command:

# /usr/sbin/grub-md5-crypt

The command prompts for a password. After the password is supplied, the command outputs the MD5 hash.

Append the password to the menu.lst file by running the following command:

echo 'password --md5 <hash from grub-md5-crypt>' >> /boot/grub/menu.lst

Or use "yast2" to set the bootloader password:

Open the Boot Loader Installation tab.
Click Boot Loader Options.
Activate the Protect Boot Loader with Password option with a click and type in your Password twice.

Click "OK" twice to save the changes.

Check Contents

To verify that a boot password exists in "/boot/grub/menu.lst", run the following command:

# grep password /boot/grub/menu.lst

The output should show the following:

password --encrypted $1$[rest-of-the-password-hash]

If it does not, this is a finding.
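
A stricter form of the check above, as an added example that is not part of the STIG text: it skips commented-out lines, requires an MD5-crypt hash ("$1$"), and requires the password line in the global section before the first "title", because GRUB Legacy applies a password line placed inside a menu entry to that entry only (which is where an append with echo lands). The helper name check_boot_password and the sample menu.lst are constructed for illustration; both "--md5" and "--encrypted" are accepted because the page shows both.

```shell
#!/bin/sh
# Added example (not STIG text): stricter variant of "grep password".
# check_boot_password is a hypothetical helper name.
# Returns 0 = password set globally, 1 = finding, 2 = file unreadable.
check_boot_password() {
    menu=${1:-/boot/grub/menu.lst}
    [ -r "$menu" ] || return 2
    awk '
        $1 ~ /^#/     { next }   # commented-out lines do not count
        $1 == "title" { exit }   # global section ends at the first entry
        $1 == "password" && ($2 == "--md5" || $2 == "--encrypted") &&
            $3 ~ /^\$1\$/ { found = 1; exit }   # MD5-crypt hash present
        END { exit(found ? 0 : 1) }
    ' "$menu"
}

# Constructed sample: one password line is commented out, the other was
# appended after the last title, so neither protects the boot menu globally.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default 0
timeout 8
# password --md5 $1$CONSTRUCTED$commentedOutExample0000
title SLES
    root (hd0,0)
    kernel /vmlinuz root=/dev/sda2
password --md5 $1$CONSTRUCTED$appendedAfterTitle00000
EOF
if check_boot_password "$sample"; then
    echo "not a finding"
else
    echo "finding: no global MD5 boot password"
fi
rm -f "$sample"
```
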

Documentable

False

Severity Override Guidance

To verify that a boot password exists in "/boot/grub/menu.lst", run the following command:

# grep password /boot/grub/menu.lst

The output should show the following:

password --encrypted $1$[rest-of-the-password-hash]

If it does not, this is a finding.

Check Content Reference

M

Target Key

3461
