GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

Information

If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system.

Solution

Edit /etc/default/sulogin and set PASSREQ=YES or remove /etc/default/sulogin entirely.

NOTE: This is a default on Solaris 5.5.1 and later.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-220072r603266_rule, STIG-ID|GEN000020, STIG-Legacy|SV-36752, STIG-Legacy|V-756, Vuln-ID|V-220072

Plugin: Unix

Control ID: ca2cc97a8293bc993f2c47b0e45dd076e3ea0d8b2d24a58de096f765382557cc