Ensure permissions on bootloader config are not overridden
ID: oval:org.secpod.oval:def:96541 | Date: (C)2024-01-09 (M)2024-01-09 |
Class: COMPLIANCE | Family: unix |
The permissions on /boot/grub/grub.cfg are changed to 444 when grub.cfg is updated by the update-grub command.

Rationale: Setting the permissions to read and write for root only prevents non-root users from seeing the boot parameters or changing them. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them.
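An audit for the override described above, as an added example that is not part of the original definition or of SecPod's own check. It assumes GNU stat, and that update-grub regenerates the file through a generator script at /usr/sbin/grub-mkconfig (an assumed path, not stated on the page); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that grub.cfg is root-only and that regenerating it
# will not reset the mode. Both paths can be overridden by the caller.

# Succeeds when the file grants no permission bits to group or other.
mode_is_root_only() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # e.g. 400 or 600: only the owner has access
        *)     return 1 ;;   # e.g. 444 or 644: group/other can read
    esac
}

# Prints chmod lines in the generator script that would give group/other
# access to the regenerated config. Succeeds when at least one is found.
find_mode_override() {
    grep -nE 'chmod[[:space:]]+[0-7]{3,4}[[:space:]].*grub_cfg' "$1" |
        grep -vE 'chmod[[:space:]]+[0-7]{1,2}00[[:space:]]'
}

# Runs both checks; returns 0 only when neither finds a problem.
audit_grub_cfg() {
    cfg=${1:-/boot/grub/grub.cfg}
    gen=${2:-/usr/sbin/grub-mkconfig}   # assumed generator location
    rc=0
    if ! mode_is_root_only "$cfg"; then
        echo "FAIL: $cfg is mode $(stat -c '%a' "$cfg"), readable beyond root"
        rc=1
    fi
    if [ -r "$gen" ] && find_mode_override "$gen"; then
        echo "FAIL: $gen resets the mode when the config is regenerated"
        rc=1
    fi
    return $rc
}
```

Run `audit_grub_cfg` as root with no arguments to use the default paths. A pass on the first check alone does not persist if the second check fails, because the next regeneration puts the mode back.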