Access rights for Grub configuration file is not set
Description
A bootloader, also known as a boot program or bootstrap loader, is special operating system software that loads and starts the boot-time tasks and processes of an operating system or computer system. Grub is the bootloader for many Linux operating systems, and the Grub configuration file contains information on boot settings and passwords for unlocking boot options. The Grub configuration file is usually named grub.cfg and stored in /boot/grub2/ or /boot/grub/. Non-root users who can read the boot parameters may be able to identify weaknesses in security upon boot and exploit them. Fixing this misconfiguration sets the access rights of the Grub configuration file to the root user only and prevents non-root users from seeing the boot parameters or changing them.
Severity
critical
Category
Linux - Grub Hardening
Resolution
Follow the steps below to resolve the misconfiguration.
Run the following commands to set permissions on your grub configuration:
chown root:root /boot/grub2/grub.cfg
chmod og-rwx /boot/grub2/grub.cfg
OR
chown root:root /boot/grub/grub.cfg
chmod og-rwx /boot/grub/grub.cfg
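To confirm the result of the commands above, the following read-only audit checks both file locations named on this page. It is an added example, not part of Vulnerability Manager Plus; the function names and the --audit switch are hypothetical, and it assumes `stat -c` is available and that root is UID 0 / GID 0.

```shell
#!/bin/sh
# Added example: read-only audit of the Grub configuration file permissions.
# Assumptions: `stat -c` (GNU coreutils or BusyBox); root is UID 0 / GID 0.

# Succeeds if an octal mode (as printed by `stat -c %a`) grants nothing to
# group or other, which is the state `chmod og-rwx` leaves behind.
mode_is_restricted() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# check_grub_cfg FILE [UID:GID]   (owner defaults to 0:0, i.e. root:root)
# Returns 0 = compliant, 1 = non-compliant, 2 = file not present.
check_grub_cfg() {
    file=$1
    want_owner=${2:-0:0}
    [ -e "$file" ] || return 2
    # -L: if the path is a symlink, judge the file it points to.
    owner=$(stat -L -c '%u:%g' "$file") || return 1
    mode=$(stat -L -c '%a' "$file") || return 1
    [ "$owner" = "$want_owner" ] || return 1
    mode_is_restricted "$mode"
}

# Audit both locations named on this page; non-zero if any present file fails.
audit_all() {
    rc=0
    for f in /boot/grub2/grub.cfg /boot/grub/grub.cfg; do
        st=0
        check_grub_cfg "$f" || st=$?
        case $st in
            0) echo "PASS $f" ;;
            2) echo "SKIP $f (not present)" ;;
            *) echo "FAIL $f (uid:gid mode = $(stat -L -c '%u:%g %a' "$f"))"
               rc=1 ;;
        esac
    done
    return $rc
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_all
fi
```

Run it as root with --audit; an unprivileged user who cannot traverse /boot would see SKIP for a file that is actually present.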
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.