bootloader password check faulty

1 votes

Audit process for new CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 section 1.4.1 seems to be faulty.

you are doing a find in /boot for usr.cfg to set a l_grub_password_file variable which you then check against. But if more than 1 file is found the following check doesn't work even if both files have the required output

Done Benchmark Community Suggestion Suggested by: Steve Milner (18 Jun, '24) • Upvoted: 18 Jun, '24 • Comments: 1

Comments: 1
Oldest • Newest • Most likes • Fewest likes

21 Jun, '24
Moderator Admin
Highlighted comment

Hi Steve

We ask that Benchmark specific comments be posted to the specific community as the community makes decisions on recommendations.
You can create a ticket for your comments at this link https://workbench.cisecurity.org/sections/2758849/recommendations/4466556

Thanks

Chris

bootloader password check faulty

Comments: 1 Oldest • Newest • Most likes • Fewest likes

Comments: 1
Oldest • Newest • Most likes • Fewest likes