{{{ oval_metadata("The requirement for a password to boot into single-user mode should be configured correctly.", rule_title=rule_title) }}} {{%- if 'ol' not in families and 'rhel' not in product and "fedora" != product-%}} {{%- if product in ["sle15", "sle16", "slmicro6"] -%}} {{%- else -%}} {{%- endif %}} {{%- endif -%}} /usr/lib/systemd/system/rescue.service ^ExecStart\s?=\s?\-?(.*)$ 1 /etc/systemd/system/rescue.service.d ^.*\.conf$ ^.*ExecStart\s?=\s+.*ExecStart\s?=\s?\-?(.*)$ 1 {{%- if product in ["fedora", "rhcos4", "sle12", "sle15", "sle16", "slmicro5", "slmicro6"] or 'ol' in families or 'rhel' in product -%}} .*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue {{%- else -%}} /bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" {{%- endif -%}} {{%- if product not in ["ol8"] and 'rhel' not in product -%}} /usr/lib/systemd/system/runlevel1.target ^Requires=.*rescue\.service 1 /usr/lib/systemd/system/rescue.target ^Requires=.*rescue\.service 1 /etc/systemd/system ^rescue.service$ /etc/systemd/system {{%- if product in [ "sle15", "sle16", "slmicro6" ] -%}} ^(runlevel1|rescue).target$ {{%- else -%}} ^runlevel1.target$ {{%- endif %}} {{%- endif -%}}