UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system boot loader configuration file(s) must have mode 0600 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38583 RHEL-06-000067 SV-50384r4_rule Medium
Description
Proper permissions ensure that only the root user can modify important boot parameters.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2018-11-28

Details

Check Text ( C-46141r5_chk )
To check the permissions of "/boot/grub/grub.conf", run the command:

$ sudo ls -lL /boot/grub/grub.conf

If the system uses UEFI check the permissions of “/boot/efi/EFI/redhat/grub.conf” file:

$ sudo ls –lL /boot/efi/EFI/redhat/grub.conf

If properly configured, the output should indicate the following permissions: "-rw-------"

If it does not, this is a finding.
Fix Text (F-43531r3_fix)
File permissions for "/boot/grub/grub.conf" and “/boot/efi/EFI/redhat/grub.conf” should be set to 600, which is the default.

To properly set the permissions of "/boot/grub/grub.conf", run the command:

$ chmod 600 /boot/grub/grub.conf

To properly set the permissions of “/boot/efi/EFI/redhat/grub.conf”, run the command:

$ chmod 600 /boot/efi/EFI/redhat/grub.conf

Boot partitions based on VFAT, NTFS, or other non-standard configurations may require alternative measures.