The system boot loader configuration file(s) must have mode 0600 or less permissive.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89595 | VRAU-SL-000430 | SV-100245r1_rule | Medium |
| Description |
|---|
| File permissions more permissive than 0600 on boot loader configuration files could allow an unauthorized user to view or modify sensitive information pertaining to system boot instructions. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-89287r1_chk ) |
|---|
| Check the /boot/grub/menu.lst file: # stat /boot/grub/menu.lst If /boot/grub/menu.lst has a mode more permissive than "0600", this is a finding. |
| Fix Text (F-96337r1_fix) |
|---|
| Change the mode of the menu.lst file to "0600": # chmod 0600 /boot/grub/menu.lst |