Information
Note: Please ensure the 'lock' command is located after 'title Solaris failsafe' in the file /boot/grub/menu.lst. Nessus can only verify the existence or non-existence of the 'lock' command.
GRUB is a boot loader for x86/x64 based systems that permits loading an OS image from any location. Oracle x86 systems support the use of a GRUB Menu password for the console.
Solution
Perform the following to implement the recommended state:
/boot/grub/bin/grub
grub> md5crypt
Password: [enter desired boot loader password]
Encrypted: [enter md5 password string]
grub> [enter control-C (^C)]
The actual menu.lst file to be used varies depending upon whether ZFS or UFS is used as the root file system. If a ZFS filesystem is being used, then edit the file /rpool/boot/grub/menu.lst. Otherwise edit the file /boot/grub/menu.lst. Add the following line to the menu.lst file above the entries added by bootadm:
password --md5 [enter md5 password string generated above]
Next, add the keyword lock to the Solaris failsafe boot entry as in the following example:
title Solaris failsafe
lock
Last, ensure the menu.lst file can only be read by the root user:
(UFS)
chmod 600 /boot/grub/menu.lst
(ZFS)
chmod 600 /rpool/boot/grub/menu.lst
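The note above says Nessus can only confirm that a 'lock' command exists, not where it sits. The following shell function is an added example, not part of the original audit text: it checks that 'lock' falls inside each 'title Solaris failsafe' entry, that a 'password --md5' line precedes the first title entry (an assumption standing in for "above the entries added by bootadm"), and that the file mode is 600. The function name check_menu_lst is hypothetical.

```shell
#!/bin/sh
# Added example: position-aware audit of a GRUB legacy menu.lst.
# Usage: check_menu_lst /boot/grub/menu.lst    (UFS)
#        check_menu_lst /rpool/boot/grub/menu.lst    (ZFS)
# Returns 0 when all checks pass, 1 on a finding, 2 if the file is missing.
check_menu_lst() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 2; }

    # Checks 1 and 2: walk the file entry by entry.
    awk '
        function close_stanza() {
            # Called at each new title and at EOF to judge the previous entry.
            if (failsafe && !locked) {
                print "FAIL: failsafe entry at line " start " has no lock"
                bad = 1
            }
        }
        /^[ \t]*#/ { next }                        # ignore comment lines
        $1 == "password" && $2 == "--md5" && NF >= 3 {
            if (!titles) pw = 1                    # assumption: must precede first title
        }
        $1 == "title" {
            close_stanza()
            titles++; start = NR; locked = 0
            failsafe = ($0 ~ /Solaris failsafe/)
        }
        $1 == "lock" && NF == 1 && titles { locked = 1 }
        END {
            close_stanza()
            if (!pw) { print "FAIL: no password --md5 line above the first title"; bad = 1 }
            exit bad + 0
        }
    ' "$f" || rc=1

    # Check 3: mode must be exactly 600. Ownership is not checked here.
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "FAIL: mode is $mode, expected -rw-------"; rc=1; }

    return $rc
}
```

A 'lock' line placed under a different entry passes a plain existence check but is reported here, with the line number of the unprotected failsafe title.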