Check: RHEL-06-000065
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000065
(in versions v2 r2 through v1 r14)
Title
The system boot loader configuration file(s) must be owned by root. (Cat II impact)
Discussion
Only root should be able to modify important boot parameters.
Check Content
To check the ownership of "/boot/grub/grub.conf", run the command: $ ls -lL /boot/grub/grub.conf If properly configured, the output should indicate that the owner is "root". If it does not, this is a finding.
Fix Text
The file "/boot/grub/grub.conf" should be owned by the "root" user to prevent destruction or modification of the file. To properly set the owner of "/boot/grub/grub.conf", run the command: # chown root /boot/grub/grub.conf
Additional Identifiers
Rule ID: SV-217901r603264_rule
Vulnerability ID: V-217901
Group Title: SRG-OS-000480
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |