Title

The system boot loader configuration file(s) must have mode 0600 or less permissive. (Cat II impact)

Discussion

Proper permissions ensure that only the root user can modify important boot parameters.

Check Content

To check the permissions of "/boot/grub/grub.conf", run the command: $ sudo ls -lL /boot/grub/grub.conf If properly configured, the output should indicate the following permissions: "-rw-------" If it does not, this is a finding.

Fix Text

Set file permissions for "/boot/grub/grub.conf" to 600, which is the default. To properly set the permissions of "/boot/grub/grub.conf", run the command: $ chmod 600 /boot/grub/grub.conf

Additional Identifiers

Rule ID: SV-217903r603264_rule

Vulnerability ID: V-217903

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.