Navigate

Check: RHEL-09-212025

RHEL 9 STIG: RHEL-09-212025 (in versions v1 r3 through v1 r1)

Title

RHEL 9 /boot/grub2/grub.cfg file must be group-owned by root. (Cat II impact)

Discussion

The "root" group is a highly privileged group. Furthermore, the group-owner of this file should not have any access privileges anyway.

Check Content

Verify the group ownership of the "/boot/grub2/grub.cfg" file with the following command: $ sudo stat -c "%G %n" /boot/grub2/grub.cfg root /boot/grub2/grub.cfg If "/boot/grub2/grub.cfg" file does not have a group owner of "root", this is a finding.

Fix Text

Change the group of the file /boot/grub2/grub.cfg to root by running the following command: $ sudo chgrp root /boot/grub2/grub.cfg

Additional Identifiers

Rule ID: SV-257790r925357_rule

Vulnerability ID: V-257790

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings