Change octal permissions for grub.conf to make it secure?
I'm working thru hardening a RHEL6 VM that is using EFI/UEFI for the boot loader.
The current permissions are the following: Code:
[root@server redhat]# pwd ; ls -al I can't find any documentation from Red Hat, however I would think it would need to be read/write/execute as if a new kernel gets installed and this is the file that gets executed before going to run init. I don't think its wise to change this, nor can I change this. What do others think? thanks EDIT: Here is the STIG that I'm referencing: https://www.stigviewer.com/stig/red_...inding/V-38583 |
The rpm sets both to 700. However, grub.conf is just a text file. So, it can be 600 without a problem. grub.efi does need to be executable. The CIS benchmark for RHEL 6 only talks about changing grub.conf, not grub.efi. I think the STIGs are based on CIS?
In response to your edit: Correct. grub.conf can be 600 without any problems. That is what I said. :) |
All times are GMT -5. The time now is 12:22 AM. |