UCF STIG Viewer Logo

The system boot loader configuration file(s) must have mode 0600 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38583 RHEL-06-000067 SV-50384r2_rule Medium
Description
Proper permissions ensure that only the root user can modify important boot parameters.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46141r2_chk )
To check the permissions of /etc/grub.conf, run the command:

$ sudo ls -lL /etc/grub.conf

If properly configured, the output should indicate the following permissions: "-rw-------"
If it does not, this is a finding.
Fix Text (F-43531r2_fix)
File permissions for "/boot/grub/grub.conf" should be set to 600, which is the default. To properly set the permissions of "/boot/grub/grub.conf", run the command:

# chmod 600 /boot/grub/grub.conf

Boot partitions based on VFAT, NTFS, or other non-standard configurations may require alternative measures.