ALMA-09-006290 - AlmaLinux OS 9 must require a boot loader password.

Information

Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.

Solution

Configure AlmaLinux OS 9 to require a grub bootloader password for the grub superuser account.

Generate an encrypted grub2 password for the grub superuser account with the following command:

$ grub2-setpassword
Enter password:
Confirm password:

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-269137r1050019_rule, STIG-ID|ALMA-09-006290, Vuln-ID|V-269137

Plugin: Unix

Control ID: bcbf92d5f2a7a287a37b1adfd70d15e36b4d13cf6ad5bce5dcd2dc8a056743a5