{{{ oval_metadata("The grub2 boot loader should have password protection enabled.", rule_title=rule_title) }}} {{% if product in ["ol7", "ol8", "ol9", "rhel8"] %}} {{% else %}} {{% endif %}} {{% if product not in ["ol7", "ol8", "ol9", "rhel8"] %}} {{{ grub2_boot_path }}}/grub.cfg ^[\s]*set[\s]+superusers=("?)[a-zA-Z_]+\1$ 1 {{% endif %}} {{{ grub2_boot_path }}}/user.cfg ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512.*$ 1 {{% if product not in ["ol7", "ol8", "ol9", "rhel8"] %}} {{{ grub2_boot_path }}}/grub.cfg ^[\s]*password_pbkdf2[\s]+.*[\s]+grub\.pbkdf2\.sha512.*$ 1 {{% endif %}}