GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

Information

If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system.

Solution

Edit /etc/default/sulogin and set PASSREQ=YES or remove /etc/default/sulogin entirely. NOTE: This is a default on Solaris 5.5.1 and later.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-220019r603265_rule, STIG-ID|GEN000020, STIG-Legacy|SV-36753, STIG-Legacy|V-756, Vuln-ID|V-220019

Plugin: Unix

Control ID: d5bdaeac996e9d8ff51204fe9a3d876047490a9ac2a3bbc051e68d652c22e69f