Check: OL6-00-000067
Oracle Linux 6 STIG:
OL6-00-000067
(in versions v2 r7 through v1 r9)
Title
The system boot loader configuration file(s) must have mode 0600 or less permissive. (Cat II impact)
Discussion
Proper permissions ensure that only the root user can modify important boot parameters.
Check Content
To check the permissions of "/boot/grub/grub.conf", run the command: $ sudo ls -lL /boot/grub/grub.conf If properly configured, the output should indicate the following permissions: "-rw-------" If it does not, this is a finding.
Fix Text
File permissions for "/boot/grub/grub.conf" should be set to 600, which is the default. To properly set the permissions of "/boot/grub/grub.conf", run the command: # chmod 600 /boot/grub/grub.conf Boot partitions based on VFAT, NTFS, or other non-standard configurations may require alternative measures.
Additional Identifiers
Rule ID: SV-208842r793627_rule
Vulnerability ID: V-208842
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |