Details
Set the owner and group of your boot loaders config file to the root user. These
instructions default to GRUB stored at /boot/grub/grub.cfg.
*Rationale*
Setting the owner and group to root prevents non-root users from changing the file.
Solution
Run the following to change ownership of /boot/grub/grub.cfg-# chown root-root /boot/grub/grub.cfg
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.