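# InSpec control for STIG rule SV-257788 (RHEL-09-212015).
#
# Passes only when no GRUB 2 boot entry reported by `grubby --info=ALL` carries
# the `systemd.confirm_spawn` kernel argument. The control is marked not
# applicable (impact 0.0) when the target reports Docker virtualization.
control 'SV-257788' do
  title 'RHEL 9 must disable the ability of systemd to spawn an interactive boot process.'
  desc 'Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.'
  desc 'check', "Verify that GRUB 2 is configured to disable interactive boot.
Check that the current GRUB 2 configuration disables the ability of systemd to spawn an interactive boot process with the following command:
$ sudo grubby --info=ALL | grep args | grep 'systemd.confirm_spawn'
If any output is returned, this is a finding."
  # NOTE(review): "allocate sufficient audit_backlog_limit" looks carried over
  # from a different control's fix text; the grubby command below is the part
  # that applies here. The wording is left untouched because desc text is
  # presumably expected to mirror the benchmark. Confirm against the source STIG.
  desc 'fix', 'Configure RHEL 9 to allocate sufficient audit_backlog_limit to disable the ability of systemd to spawn an interactive boot process with the following command:
$ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"'
  impact 0.5
  ref 'DPMS Target Red Hat Enterprise Linux 9'
  tag check_id: 'C-61529r925349_chk'
  tag severity: 'medium'
  tag gid: 'V-257788'
  tag rid: 'SV-257788r991589_rule'
  tag stig_id: 'RHEL-09-212015'
  tag gtitle: 'SRG-OS-000480-GPOS-00227'
  tag fix_id: 'F-61453r925350_fix'
  tag 'documentable'
  tag cci: ['CCI-000366']
  tag nist: ['CM-6 b']
  tag 'host'

  only_if('Control not applicable within a container without sudo enabled', impact: 0.0) do
    !virtualization.system.eql?('docker')
  end

  grubby = command('grubby --info=ALL')

  # `grubby --info=ALL` prints one `args=` line per boot entry. parse_config
  # keeps a single value per key, so feeding it this output evaluates only one
  # entry and a non-default kernel with systemd.confirm_spawn could go
  # unnoticed. Collect every args= line instead, mirroring the STIG check's
  # `grep args | grep 'systemd.confirm_spawn'`.
  args_lines = grubby.stdout.lines.map(&:strip).select { |line| line.start_with?('args=') }
  offending_entries = args_lines.select { |line| line.include?('systemd.confirm_spawn') }

  # Fail closed: a failed grubby run or output without any args= line must not
  # be reported as a compliant system.
  describe grubby do
    its('exit_status') { should eq 0 }
  end

  describe 'args= lines reported by grubby --info=ALL' do
    subject { args_lines }
    it { should_not be_empty }
  end

  describe 'Boot entries whose kernel arguments contain systemd.confirm_spawn' do
    subject { offending_entries }
    it { should be_empty }
  end
end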