CCE-92355-7
Platform: Amazon Linux | Date: (C)2018-10-29 (M)2022-10-10 |
Require Authentication for Single User Mode
Single-user mode is intended as a system recovery
method: a boot option selected at startup gives a single user
root access to the system. By default, no authentication
is performed if single-user mode is selected.
With systemd, single-user mode is protected by default by requiring a password;
this is set in '/usr/lib/systemd/system/rescue.service'.
Parameter:
Technical Mechanism:
Requiring authentication for single-user mode prevents attackers with physical
access from trivially bypassing security on the machine and gaining root access.
Such access is further prevented by configuring a bootloader password.
Fix:
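# Make single-user mode run sulogin, which prompts for the root password
if grep -q '^SINGLE=' /etc/sysconfig/init; then
    # Replace the existing setting; the anchor keeps comments and other keys untouched
    sed -i 's|^SINGLE=.*|SINGLE=/sbin/sulogin|' /etc/sysconfig/init
else
    # No SINGLE setting present (or the file is missing): append one
    echo "SINGLE=/sbin/sulogin" >> /etc/sysconfig/init
fi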
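
An audit counterpart to the fix above, added here as an example and not part of the original CCE entry: it reports whether the effective SINGLE setting is /sbin/sulogin. The function name check_single_user_auth and the sample file contents are constructed, and the check assumes the file is read as shell-style assignments, so the last uncommented SINGLE= line wins.

```shell
#!/bin/sh
# check_single_user_auth [FILE]
# Returns 0 if the effective SINGLE setting in FILE is /sbin/sulogin,
# 1 if the file is unreadable, the setting is missing or commented out,
# or it points at anything else.
check_single_user_auth() {
    file=${1:-/etc/sysconfig/init}
    [ -r "$file" ] || return 1

    # Assumption: the file is processed as shell assignments, so only the
    # last uncommented SINGLE= line counts. Lines starting with '#' never match.
    value=$(sed -n 's/^[[:space:]]*SINGLE=//p' "$file" | tail -n 1)

    # Drop a trailing comment, trailing whitespace and optional quotes.
    value=$(printf '%s' "$value" \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        | tr -d "\"'")

    [ "$value" = "/sbin/sulogin" ]
}

# Constructed sample: the hardened line is commented out and a
# non-authenticating shell is configured instead, so the check must fail.
sample=$(mktemp)
printf '%s\n' '#SINGLE=/sbin/sulogin' 'SINGLE=/sbin/sushell' > "$sample"
if check_single_user_auth "$sample"; then
    echo "PASS: single-user mode requires authentication"
else
    echo "FAIL: single-user mode does not require authentication"
fi
rm -f "$sample"
```
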
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48542 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48749 |