Description:
The grub configuration file contains information on boot settings and passwords for
unlocking boot options.
Rationale:
Setting the permissions to read and write for root only prevents non-root users from
seeing the boot parameters or changing them. Non-root users who read the boot
parameters may be able to identify weaknesses in security upon boot and be able to
exploit them.
Audit:
Run the following command and verify Uid and Gid are both 0/root and Access is 0400
or more restrictive.
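One way to script the check described in the Audit text, as an added example that is not part of the benchmark itself. The function names `perms_ok` and `audit_boot_cfg` are hypothetical, GNU `stat` is assumed, and the default path is the one named on this page.

```shell
#!/bin/sh
# Added example: audit owner, group and mode of a bootloader config file.
# Function names are hypothetical; requires GNU stat (coreutils).

# perms_ok UID GID MODE -> 0 if owned by root:root and mode is 0400 or stricter.
perms_ok() {
    uid=$1 gid=$2 mode=$3
    [ "$uid" = 0 ] && [ "$gid" = 0 ] || return 1
    # "0400 or more restrictive": no bit other than owner-read may be set.
    # This also rejects setuid/setgid/sticky bits (e.g. 4400).
    [ $(( 0$mode & ~0400 )) -eq 0 ]
}

# audit_boot_cfg [PATH] -> 0 pass, 1 wrong owner/mode, 2 file cannot be read.
audit_boot_cfg() {
    cfg=${1:-/boot/grub/grub.cfg}
    # -L follows a symlink so the real file is checked;
    # %u/%g = numeric owner and group, %a = octal access bits.
    set -- $(stat -L -c '%u %g %a' "$cfg" 2>/dev/null)
    if [ $# -ne 3 ]; then
        echo "FAIL: cannot stat $cfg"
        return 2
    fi
    if perms_ok "$1" "$2" "$3"; then
        echo "PASS: $cfg uid=$1 gid=$2 mode=$3"
    else
        echo "FAIL: $cfg uid=$1 gid=$2 mode=$3 (want 0/0 and 0400 or stricter)"
        return 1
    fi
}

# When run with a path argument, audit that file.
if [ $# -gt 0 ]; then
    audit_boot_cfg "$1"
fi
```

The bit-mask comparison accepts 0400 and 0000 and rejects any mode that grants write, execute, group or other access, which is what "or more restrictive" means for this file.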
Additional Information:
This recommendation is designed around the grub bootloader; if LILO or another
bootloader is in use in your environment, enact equivalent settings.
Replace /boot/grub/grub.cfg with the appropriate grub configuration file for your
environment.
Profile Applicability:
Level 1 - Server
Level 1 - Workstation