Details

Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters Requiring a boot password upon execution of the boot loader will prevent an unauthorized user from entering boot parameters or changing the boot partition. This prevents users from weakening security (e.g. turning off SELinux at boot time).

Solution

Create an encrypted password with grub-md5-crypt: # grub-md5-cryptPassword: Retype Password: Copy and paste the into the global section of /boot/grub/menu.lst: password –md5

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1864

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.

References

• 800-53|SI-7(10)

Source

• Tenable.com/audits