1.5.1 Ensure permissions on bootloader config are configured - /boot/grub2/grub.cfg

Information

The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub configuration is usually grub.cfg and grubenv stored in
/boot/grub2/` Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.

Solution

Run the following commands to set permissions on your grub configuration: # chown root:root /boot/grub2/grub.cfg # chmod og-rwx /boot/grub2/grub.cfg # chown root:root /boot/grub2/grubenv # chmod og-rwx /boot/grub2/grubenv

See Also

https://workbench.cisecurity.org/files/2518

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(9), CSCv7|5.1

Plugin: Unix

Control ID: 7131b739ba1c9af23ad414cfcc781991ca9b7b2499bb196de1f9bab27598ff7d