
1.4.2 Ensure access to bootloader config is configured

Audit

Run the following command and verify Uid and Gid are both 0/root and Access is 0600 or more restrictive.

# stat -Lc 'Access: (%#a/%A) Uid: ( %u/ %U) Gid: ( %g/ %G)' /boot/grub/grub.cfg
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
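
The audit above can be scripted as follows. This is an added example, not part of the benchmark text; the function names `perms_ok` and `audit_cfg` are hypothetical, and it assumes GNU `stat`. It treats "0600 or more restrictive" as a bitmask test, so modes such as 0060 or 4600 fail even though only 0060 is numerically smaller than 0600.

```shell
#!/bin/sh
# Added example: scripted form of the audit step (names are hypothetical).

# perms_ok MODE UID GID
# MODE is the octal mode as printed by stat (%a or %#a, e.g. 600 or 0600).
# Returns 0 only when uid and gid are 0 and no bit outside 0600 is set,
# 1 on a policy failure, 2 when MODE is not an octal number.
perms_ok() {
    mode=$1 uid=$2 gid=$3
    case $mode in ''|*[!0-7]*) return 2 ;; esac
    [ "$uid" = 0 ] && [ "$gid" = 0 ] || return 1
    # Mask 07177 = setuid/setgid/sticky + user execute + all group/other
    # bits. Any of these set means the mode is NOT "0600 or more
    # restrictive", whatever its numeric value.
    [ $(( 0$mode & 07177 )) -eq 0 ]
}

# audit_cfg [PATH]
# PATH defaults to the file named in the audit command above.
audit_cfg() {
    cfg=${1:-/boot/grub/grub.cfg}
    # -L follows symlinks, matching the benchmark's stat invocation.
    out=$(stat -Lc '%a %u %g' "$cfg" 2>/dev/null) || {
        echo "FAIL: cannot stat $cfg"
        return 2
    }
    set -- $out    # split into mode, uid, gid
    if perms_ok "$1" "$2" "$3"; then
        echo "PASS: $cfg (mode=$1 uid=$2 gid=$3)"
    else
        echo "FAIL: $cfg (mode=$1 uid=$2 gid=$3)"
        return 1
    fi
}

# Usage (as root): audit_cfg /boot/grub/grub.cfg
```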

Remediation

Run the following commands to set permissions on your grub configuration:

# chown root:root /boot/grub/grub.cfg
# chmod u-x,go-rwx /boot/grub/grub.cfg

Default Value:
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)