InformationThe grub configuration file contains information on boot settings and passwords for unlocking boot options.
Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.
SolutionRun the following commands to set permissions on your grub configuration:
# chown root:root /boot/grub/grub.cfg
# chmod u-wx,go-rwx /boot/grub/grub.cfg
This recommendation is designed around the grub bootloader, if LILO or another bootloader is in use in your environment enact equivalent settings.
Replace /boot/grub/grub.cfg with the appropriate grub configuration file for your environment