STIG ID: RHEL-09-212020 | SRG: SRG-OS-000080-GPOS-00048 | Severity: high | CCI: | Vulnerability Id: V-257789
Having a nondefault grub superuser username makes password-guessing attacks less effective.
Configure RHEL 9 to have a unique username for the grub superuser account.
Edit the "/etc/grub.d/01_users" file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
set superusers="superusers-account"
export superusers
Once the superuser account has been added, update the grub.cfg file by running:
$ sudo grubby --update-kernel=ALL
Verify the boot loader superuser account has been set with the following command:
$ sudo grep -A1 "superusers" /etc/grub2.cfg
set superusers="
export superusers
The
If superusers contains easily guessable usernames, this is a finding.