Verify the UEFI Boot Loader grub.cfg Permissions

An XCCDF Rule

Description

File permissions for /boot/grub2/grub.cfg should be set to 700. To properly set the permissions of /boot/grub2/grub.cfg, run the command:

$ sudo chmod 700 /boot/grub2/grub.cfg

Proper permissions ensure that only the root user can modify important boot parameters.

ID: xccdf_org.ssgproject.content_rule_file_permissions_efi_grub2_cfg
Severity: Medium
References: 12 13 14 15 16 18 3 5

APO01.06 DSS05.04 DSS05.07 DSS06.02

3.4.5

CCI-000225

4.3.3.7.3

SR 2.1 SR 5.2

A.10.1.1 A.11.1.4 A.11.1.5 A.11.2.1 A.13.1.1 A.13.1.3 A.13.2.1 A.13.2.3 A.13.2.4 A.14.1.2 A.14.1.3 A.6.1.2 A.7.1.1 A.7.1.2 A.7.3.1 A.8.2.2 A.8.2.3 A.9.1.1 A.9.1.2 A.9.2.3 A.9.4.1 A.9.4.4 A.9.4.5

AC-6(1) CM-6(a)

PR.AC-4 PR.DS-5

R29
Updated: 5 days ago