LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Change octal permissions for grub.conf to make it secure?
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-08-2018, 09:31 AM   #1
JockVSJock
Senior Member
 
Registered: Jan 2004
Posts: 1,420
Blog Entries: 4

Rep: Reputation: 164Reputation: 164
Question Change octal permissions for grub.conf to make it secure?

I'm working thru hardening a RHEL6 VM that is using EFI/UEFI for the boot loader.

The current permissions are the following:

Code:
[root@server redhat]# pwd ; ls -al
/boot/efi/EFI/redhat
total 264
drwx------. 2 root root   4096 May  7 11:05 .
drwx------. 3 root root   4096 Sep 18  2017 ..
-rwx------. 1 root root   1720 May  7 11:05 grub.conf
-rwx------. 1 root root 254317 Nov  9  2016 grub.efi
[root@server redhat]#
Following a STIG, stating that octal permission need to be 600, not 700.

I can't find any documentation from Red Hat, however I would think it would need to be read/write/execute as if a new kernel gets installed and this is the file that gets executed before going to run init.

I don't think its wise to change this, nor can I change this.

What do others think?

thanks


EDIT: Here is the STIG that I'm referencing:

https://www.stigviewer.com/stig/red_...inding/V-38583
Last edited by JockVSJock; 05-08-2018 at 10:37 AM.
 
Old 05-08-2018, 09:54 AM   #2
bradvan
Member
 
Registered: Mar 2009
Posts: 367

Rep: Reputation: 61
The rpm sets both to 700. However, grub.conf is just a text file. So, it can be 600 without a problem. grub.efi does need to be executable. The CIS benchmark for RHEL 6 only talks about changing grub.conf, not grub.efi. I think the STIGs are based on CIS?

In response to your edit: Correct. grub.conf can be 600 without any problems. That is what I said.
Last edited by bradvan; 05-09-2018 at 05:13 AM.
 
  


Reply

Tags
grub.conf, uefi



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
grub can find grub.conf, how do i make it permanent? lankydenny Linux - Newbie 8 06-13-2006 06:47 PM
can some fc4 user mail his grub.conf and tell me how can i make this grub read this amolgupta Linux - Software 1 03-15-2006 04:04 AM
What are the default permissions for /etc in octal for Slackware (10.1) rjohnson244 Linux - Software 6 03-08-2005 09:39 AM
please review my smb.conf and tell me how to make it more secure Lleb_KCir Linux - General 2 08-01-2004 01:07 AM
--- --- --- octal 000 permissions Fascistchicken Linux - General 4 09-05-2003 05:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:00 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration