simp / inspec-profile-disa_stig-el7

InSpec Profile for the EL7 DISA STIG
Apache License 2.0

Addressing issue #129 #148

Closed ljkimmel closed 4 years ago

ljkimmel commented 4 years ago

Removed 'grub_superuser' as an input. The STIG guidance is clear that this is the only allowable account so there is no reason to allow it to be tailored.

Updated V-71961 to remove reference to the 'grub_superuser' input and hardcode "grub_superuser = 'root'".

Signed-off-by: Lesley Kimmel lesley.j.kimmel@users.noreply.github.com

aaronlippold commented 4 years ago

The reason we added the parameter here was that many organizations or groups utilize a different username than root to be the superuser account. This is perfectly acceptable. And randomly generate an unknown root password to provide another layer of security. Absolutely correct that nine times out of 10 this input would just be set to root, but there's no reason we can't allow for both scenarios.

ljkimmel commented 4 years ago

Ok. Updated to only fix the datatype issue in the input.

trevor-vaughan commented 4 years ago

Honestly, per the documentation, using something other than root is NOT acceptable.

I mean, you know it's better and I know it's better, but it's not actually compliant as the prose is written.

I'm OK as it sits though because forcing a username to a known value for a security setting is not good practice.
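To make concrete what the thread is deciding (whether the grub superuser name should be hardcoded to root or supplied through a tailorable `grub_superuser` input), here is an added plain-Ruby check that mirrors what a V-71961-style control verifies; it is not the profile's own control, does not use the InSpec DSL, and the `expected_superuser` parameter and the grub.cfg excerpt are assumptions constructed for the example.

```ruby
# Added example, not code from the inspec-profile-disa_stig-el7 project.
# expected_superuser plays the role the tailorable 'grub_superuser' input
# plays in the profile; the default 'root' is what the STIG text names.

# Constructed grub.cfg excerpt for this example (not a real system file).
SAMPLE_GRUB_CFG = <<~CFG
  ### BEGIN /etc/grub.d/01_users ###
  set superusers="root"
  password_pbkdf2 root grub.pbkdf2.sha512.10000.EXAMPLEHASH
  ### END /etc/grub.d/01_users ###
CFG

# Returns the account named in 'set superusers=...', or nil if absent.
def grub_superusers(cfg)
  m = cfg.match(/^\s*set\s+superusers="?([^"\s]+)"?/)
  m && m[1]
end

# Returns every account that has a password_pbkdf2 entry.
def grub_pbkdf2_users(cfg)
  cfg.scan(/^\s*password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\./).flatten
end

# Evaluates the control the way an input-driven profile would.
# Returns an array of failure messages; empty means compliant.
def check_grub_superuser(cfg, expected_superuser: 'root')
  failures = []
  su = grub_superusers(cfg)
  if su.nil?
    failures << 'no "set superusers" line found'
  elsif su != expected_superuser
    failures << "superusers is #{su.inspect}, expected #{expected_superuser.inspect}"
  end
  unless grub_pbkdf2_users(cfg).include?(expected_superuser)
    failures << "no password_pbkdf2 entry for #{expected_superuser}"
  end
  failures
end

if __FILE__ == $PROGRAM_NAME
  # With the default input the constructed config passes; with a site-specific
  # superuser name it reports both the name mismatch and the missing hash.
  puts check_grub_superuser(SAMPLE_GRUB_CFG).empty? ? 'compliant' : 'non-compliant'
  puts check_grub_superuser(SAMPLE_GRUB_CFG, expected_superuser: 'grubadmin')
end
```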