1.4.2 Ensure permissions on bootloader config are configured

Audit

Run the following command and verify Uid and Gid are both 0/root and Access is 0400 or more restrictive.

# stat /boot/grub/grub.cfg
Access: (0400/-r--------) Uid: ( 0/ root) Gid: ( 0/ root)
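
The same audit as a script, as an added example that is not part of the benchmark text. The function names `mode_is_restrictive` and `audit_bootloader_cfg` are assumptions chosen for illustration, and the script relies on GNU `stat -c`. It treats "0400 or more restrictive" as "no permission bit set outside owner-read", so modes such as 0000 pass while 0600, 0444 and 4400 fail.

```shell
#!/bin/sh
# Added example: scripted form of the audit above (names are illustrative).

# Return 0 when an octal mode string (as printed by `stat -c %a`) grants
# nothing beyond owner-read, i.e. it is 0400 or more restrictive.
mode_is_restrictive() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;    # not an octal mode string
    esac
    # Any bit outside 0400 fails: write/execute for the owner, anything for
    # group/other, and the setuid/setgid/sticky bits.
    [ $(( 0$1 & ~0400 )) -eq 0 ]
}

# Check owner, group and mode of the file given as $1; print each finding.
audit_bootloader_cfg() {
    cfg=$1
    info=$(stat -c '%u %g %a' "$cfg" 2>/dev/null) || {
        echo "FAIL: cannot stat $cfg"
        return 1
    }
    set -- $info                     # $1=uid  $2=gid  $3=octal mode
    rc=0
    [ "$1" -eq 0 ] || { echo "FAIL: $cfg Uid is $1, expected 0"; rc=1; }
    [ "$2" -eq 0 ] || { echo "FAIL: $cfg Gid is $2, expected 0"; rc=1; }
    mode_is_restrictive "$3" || {
        echo "FAIL: $cfg Access is $3, expected 0400 or more restrictive"
        rc=1
    }
    if [ "$rc" -eq 0 ]; then
        echo "PASS: $cfg is root:root with mode $3"
    fi
    return "$rc"
}

# Run the audit when a path is given, e.g.: sh audit.sh /boot/grub/grub.cfg
if [ "$#" -gt 0 ]; then
    audit_bootloader_cfg "$1"
fi
```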

Remediation

Run the following commands to set permissions on your grub configuration:

# chown root:root /boot/grub/grub.cfg
# chmod u-wx,go-rwx /boot/grub/grub.cfg