The system boot loader configuration file(s) must be group-owned by root, bin, sys, or system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89599 | VRAU-SL-000440 | SV-100249r1_rule | Medium |
| Description |
|---|
| The system's boot loader configuration files are critical to the integrity of the system and must be protected. Unauthorized modifications resulting from improper group-ownership may compromise the boot loader configuration. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-89291r2_chk ) |
|---|
| Check /boot/grub/menu.lst ownership: # stat /boot/grub/menu.lst If the group-owner of the file is not "root", "bin", "sys", or "system", this is a finding. |
| Fix Text (F-96341r1_fix) |
|---|
| Change the group-ownership of the file: # chgrp root /boot/grub/menu.lst |