  • Misconfiguration Name
  • Access rights for Grub configuration file is not set
  • Description
  • A bootloader, also known as a boot program or bootstrap loader, is special operating system software that loads and starts the boot-time tasks and processes of an operating system or computer system. Grub is the bootloader for many Linux operating systems, and the Grub configuration file contains information on boot settings and passwords for unlocking boot options. The Grub configuration is usually named grub.cfg and stored in /boot/grub2/ or /boot/grub/. Non-root users who read the boot parameters may be able to identify weaknesses in security upon boot and be able to exploit them. Fixing this misconfiguration sets the access rights of the Grub configuration file to the root user only and prevents non-root users from seeing the boot parameters or changing them.
  • Severity
  • critical
  • Category
  • Linux - Grub Hardening
  • Resolution
  • Follow the steps below to resolve the misconfiguration. Run the following commands to set permissions on your grub configuration:
      chown root:root /boot/grub2/grub.cfg
      chmod og-rwx /boot/grub2/grub.cfg
    OR
      chown root:root /boot/grub/grub.cfg
      chmod og-rwx /boot/grub/grub.cfg
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may create the following impact in your network operations.
  • Does remediation require reboot?
  • No
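
A read-only check for the state the Resolution commands produce, usable before and after remediation. This is an added example, not part of the catalog entry; the function names owner_mode_ok and audit_grub_cfg are hypothetical, and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: audit the grub.cfg paths named in the Resolution.
# Assumes GNU coreutils stat (-c format option), as found on Linux.

# Pure check: succeed only if owner is uid 0, group is gid 0, and the
# octal mode grants nothing to group or other (what chmod og-rwx leaves).
owner_mode_ok() {
    uid=$1 gid=$2 mode=$3
    [ "$uid" -eq 0 ] || return 1
    [ "$gid" -eq 0 ] || return 1
    # Leading 0 makes the shell read the mode as octal; 077 masks g and o bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Audit one file. Returns 0 = compliant, 1 = non-compliant, 2 = not present.
audit_grub_cfg() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "SKIP  $file (not present)"
        return 2
    fi
    # -L follows a symlink so the real file's owner and mode are checked.
    # %u = owner uid, %g = group gid, %a = permission bits in octal
    set -- $(stat -L -c '%u %g %a' "$file")
    if owner_mode_ok "$1" "$2" "$3"; then
        echo "PASS  $file uid=$1 gid=$2 mode=$3"
        return 0
    fi
    echo "FAIL  $file uid=$1 gid=$2 mode=$3 (want uid=0 gid=0, no group/other bits)"
    return 1
}

# Check both locations from the catalog entry; report without changing anything.
for cfg in /boot/grub2/grub.cfg /boot/grub/grub.cfg; do
    audit_grub_cfg "$cfg" || :
done
```

A FAIL line on either path means the matching chown/chmod pair from the Resolution still needs to be applied to that file.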