Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38583 | RHEL-06-000067 | SV-50384r4_rule | Medium |
Description |
---|
Proper permissions ensure that only the root user can modify important boot parameters. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2018-11-28 |
Check Text ( C-46141r5_chk ) |
---|
To check the permissions of "/boot/grub/grub.conf", run the command: $ sudo ls -lL /boot/grub/grub.conf If the system uses UEFI check the permissions of “/boot/efi/EFI/redhat/grub.conf” file: $ sudo ls –lL /boot/efi/EFI/redhat/grub.conf If properly configured, the output should indicate the following permissions: "-rw-------" If it does not, this is a finding. |
Fix Text (F-43531r3_fix) |
---|
File permissions for "/boot/grub/grub.conf" and “/boot/efi/EFI/redhat/grub.conf” should be set to 600, which is the default. To properly set the permissions of "/boot/grub/grub.conf", run the command: $ chmod 600 /boot/grub/grub.conf To properly set the permissions of “/boot/efi/EFI/redhat/grub.conf”, run the command: $ chmod 600 /boot/efi/EFI/redhat/grub.conf Boot partitions based on VFAT, NTFS, or other non-standard configurations may require alternative measures. |