RHEL 9 /boot/grub2/grub.cfg file must be owned by root.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-257791 |
RHEL-09-212030 |
SV-257791r991589_rule |
|
Medium |
| Description |
| The " /boot/grub2/grub.cfg" file stores sensitive system configuration. Protection of this file is critical for system security. |
Details
| Check Text (C-61532r925358_chk) |
Verify the ownership of the "/boot/grub2/grub.cfg" file with the following command:
$ sudo stat -c "%U %n" /boot/grub2/grub.cfg
root /boot/grub2/grub.cfg
If "/boot/grub2/grub.cfg" file does not have an owner of "root", this is a finding. |
| Fix Text (F-61456r925359_fix) |
Change the owner of the file /boot/grub2/grub.cfg to root by running the following command:
$ sudo chown root /boot/grub2/grub.cfg |