The system must require authentication before allowing modification of the boot devices or menus. Secure the GRUB Menu (Intel).
An XCCDF Rule
Description
The flexibility that GRUB provides creates a security risk if its configuration is modified by an unauthorized user. The failsafe menu entry needs to be secured in the same environments that require securing the system's firmware to avoid unauthorized removable media boots.
Documentable: false
- ID: SV-216218r959010_rule
- Severity: Low
Remediation - Manual Procedure
The root role is required.
This action applies to the global zone only. Determine the zone that you are currently securing.
# zonename