RHEL-07-021700 - The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved. - set root

Information

Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_7_V3R9_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-3f., 800-53|CM-5(1), 800-53|CM-6c., 800-53|CM-11(2), CAT|II, CCI|CCI-000318, CCI|CCI-000368, CCI|CCI-001812, CCI|CCI-001813, CCI|CCI-001814, Rule-ID|SV-204501r861008_rule, STIG-ID|RHEL-07-021700, STIG-Legacy|SV-86699, STIG-Legacy|V-72075, Vuln-ID|V-204501

Plugin: Unix

Control ID: 173da4e388464afb49aaf44105795fe01497ec15fff528d04c47c341d80c7e26