From Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Part of SRG-OS-999999
Associated with: CCI-000366
Proper permissions ensure that only the root user can modify important boot parameters.
To check the permissions of "/boot/grub/grub.conf", run the command: $ sudo ls -lL /boot/grub/grub.conf If the system uses UEFI check the permissions of “/boot/efi/EFI/redhat/grub.conf” file: $ sudo ls –lL /boot/efi/EFI/redhat/grub.conf If properly configured, the output should indicate the following permissions: "-rw-------" If it does not, this is a finding.
File permissions for "/boot/grub/grub.conf" and “/boot/efi/EFI/redhat/grub.conf” should be set to 600, which is the default. To properly set the permissions of "/boot/grub/grub.conf", run the command: $ chmod 600 /boot/grub/grub.conf To properly set the permissions of “/boot/efi/EFI/redhat/grub.conf”, run the command: $ chmod 600 /boot/efi/EFI/redhat/grub.conf Boot partitions based on VFAT, NTFS, or other non-standard configurations may require alternative measures.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer