6.17 Secure the GRUB Menu (Intel)

Information

GRUB is a boot loader for x64 based systems that permits loading an OS image from any location. Oracle x64 systems support the use of a GRUB Menu password for the console.

The flexibility that GRUB provides creates a security risk if its configuration is modified by an unauthorized user. The failsafe menu entry needs to be secured in the same environments that require securing the systems firmware to avoid unauthorized removable media boots. Setting the GRUB Menu password helps prevent attackers with physical access to the system console from booting off some external device (such as a CD- ROM or floppy) and subverting the security of the system. The actions described in this section will ensure you cannot get to failsafe or any of the GRUB command line options without first entering the password.

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(10)

Plugin: Unix

Control ID: 249df5592840076b89519d2fb3053188d31e73c6002d77684a5830b7f0b6472a