RHEL 9 /boot/grub2/grub.cfg file must be owned by root.

STIG ID: RHEL-09-212030  |  SRG: SRG-OS-000480-GPOS-00227 | Severity: medium |  CCI: CCI-000366

Vulnerability Discussion

The " /boot/grub2/grub.cfg" file stores sensitive system configuration. Protection of this file is critical for system security.

Check

Verify the ownership of the "/boot/grub2/grub.cfg" file with the following command:

$ sudo stat -c "%U %n" /boot/grub2/grub.cfg

root /boot/grub2/grub.cfg

If "/boot/grub2/grub.cfg" file does not have an owner of "root", this is a finding.

Fix

Change the owner of the file /boot/grub2/grub.cfg to root by running the following command:

$ sudo chown root /boot/grub2/grub.cfg
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.