Running the RHEL 8 STIG scan on a STIG-hardened UEFI-boot Red Hat 8 VM
Description of problem:
When RHEL-08-010140 and RHEL-08-010141 are audited on a UEFI instance, they check for the correct values set in /boot/efi/EFI/redhat/grub.cfg and /boot/efi/EFI/redhat/user.cfg. However, the latest AWS RHEL 8 images by default set /boot/efi/EFI/redhat/grub.cfg to load in values from /boot/grub2:
search --no-floppy --set prefix --file /boot/grub2/grub.cfg
set prefix=($prefix)/boot/grub2
configfile $prefix/grub.cfg
Proposed change:
The audits should be more advanced and know to check values in either /boot/efi/EFI/redhat/grub.cfg OR in /boot/grub2/grub.cfg, if the UEFI grub config file redirects there. The same should be done for the user.cfg file.
References:
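One way an audit could follow the redirect described in this issue before checking values; this is an added example, not code from the reporter or the audit project. The function names, the filesystem-root argument, the caller-supplied patterns and the sample tree contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the audit project's code). Assumes, as in the stub quoted
# in the issue, that the redirect prefix is a path on the root filesystem.
STUB_DIR=/boot/efi/EFI/redhat

# Print the directory whose grub.cfg and user.cfg are actually in effect.
# $1 = filesystem root ("/" on a live host, a temp dir for testing).
effective_grub_dir() (
    root=${1%/}
    stub=$root$STUB_DIR/grub.cfg
    [ -r "$stub" ] || exit 2
    # A redirecting stub hands over with `configfile $prefix/grub.cfg` ...
    if grep -Eq '^[[:space:]]*configfile[[:space:]]+\$prefix/grub\.cfg' "$stub"; then
        # ... after `set prefix=($var)/some/dir` has named the real directory.
        dir=$(sed -nE 's#^[[:space:]]*set[[:space:]]+prefix=\(\$[A-Za-z_]+\)(/[^[:space:]]*).*#\1#p' "$stub" | tail -n 1)
        if [ -n "$dir" ] && [ -r "$root$dir/grub.cfg" ]; then
            printf '%s\n' "$dir"
            exit 0
        fi
    fi
    printf '%s\n' "$STUB_DIR"   # no redirect: the copy on the ESP is in effect
)

# Succeed if extended regex $3 matches in file $2 (grub.cfg or user.cfg) of
# the effective directory. The pattern is the caller's, not quoted from the STIG.
audit_grub_value() (
    dir=$(effective_grub_dir "$1") || exit 2
    grep -Eq -- "$3" "${1%/}$dir/$2"
)

# Build a constructed sample tree that mimics the redirecting layout.
make_sample_tree() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t$STUB_DIR" "$t/boot/grub2"
    cat > "$t$STUB_DIR/grub.cfg" <<'EOF'
search --no-floppy --set prefix --file /boot/grub2/grub.cfg
set prefix=($prefix)/boot/grub2
configfile $prefix/grub.cfg
EOF
    # Constructed values, not taken from a real host.
    echo 'set superusers="bootadmin"' > "$t/boot/grub2/grub.cfg"
    echo 'GRUB2_PASSWORD=grub.pbkdf2.sha512.CONSTRUCTED' > "$t/boot/grub2/user.cfg"
    printf '%s\n' "$t"
)
```

On a live host the root argument would be `/`; a stub that sets no redirect makes both functions fall back to the files under `/boot/efi/EFI/redhat`.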