STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282627

CAT II (Medium)

TOSS 5 must disable the ability of systemd to spawn an interactive boot process.

Rule ID

SV-282627r1200861_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, thereby weakening system security.

Check Content

Verify GRUB 2 is configured to disable interactive boot.

Check that the current GRUB 2 configuration disables the ability of systemd to spawn an interactive boot process using the following command:

$ sudo grubby --info=ALL | grep args | grep 'systemd.confirm_spawn'

If any output is returned, this is a finding.

Fix Text

Configure TOSS 5 to allocate sufficient audit_backlog_limit to disable the ability of systemd to spawn an interactive boot process using the following command:

$ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"