RHEL-09-212020 - RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.

Information

Having a nondefault grub superuser username makes password-guessing attacks less effective.

Solution

Configure RHEL 9 to have a unique username for the grub superuser account.

Edit the '/etc/grub.d/01_users' file and add or modify the following lines in the '### BEGIN /etc/grub.d/01_users ###' section:

set superusers='superusers-account'
export superusers

Once the superuser account has been added, update the grub.cfg file by running:

$ sudo grubby --update-kernel=ALL

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V1R2_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000213, Rule-ID|SV-257789r943055_rule, STIG-ID|RHEL-09-212020, Vuln-ID|V-257789

Plugin: Unix

Control ID: d541909caae7c3f319de987aedee398bfb6d495cb440bf42a51cb9e954781a5a