Set Permissions on /etc/grub.conf

Details

Set permission on the /etc/grub.conf file to read and write for root only.

Rationale:

Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.

Solution

Run the following command to remove excess permissions from /etc/grub.conf

# chmod og-rwx /etc/grub.conf

Default Value:

OS Default: No

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/3096

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-3
CSCv6|3.1
CSCv7|14.6

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles