RHEL 9 /boot/grub2/grub.cfg file must be owned by root.

STIG ID: RHEL-09-212030  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257791

Vulnerability Discussion

The " /boot/grub2/grub.cfg" file stores sensitive system configuration. Protection of this file is critical for system security.

Check

Verify the ownership of the "/boot/grub2/grub.cfg" file with the following command:

$ sudo stat -c "%U %n" /boot/grub2/grub.cfg

root /boot/grub2/grub.cfg

If "/boot/grub2/grub.cfg" file does not have an owner of "root", this is a finding.

Fix

Change the owner of the file /boot/grub2/grub.cfg to root by running the following command:

$ sudo chown root /boot/grub2/grub.cfg