The Photon operating system must disable the debug-shell service.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-258873 | SRG-OS-000480-GPOS-00227 | PHTN-40-000210 | SV-258873r991589_rule | 2024-07-11 | 2 |
| Description |
|---|
| The debug-shell service is intended to diagnose systemd related boot issues with various systemctl commands. Once enabled and following a system reboot, the root shell will be available on tty9. This service must remain disabled until and unless otherwise directed by VMware support. |
| ℹ️ Check |
|---|
| At the command line, run the following command to verify the debug-shell service is disabled: # systemctl status debug-shell.service If the debug-shell service is not stopped and disabled, this is a finding. |
| ✔️ Fix |
|---|
| At the command line, run the following commands: # systemctl stop debug-shell.service # systemctl disable debug-shell.service |