Home / ubuntu / Questions / 954671
Accepted
knb
Asked: 2017-09-11 23:42:46 +0800 CST

Permissions of /boot/grub/menu according to security tool "tiger"

  • 772

Open-source security tool "tiger" sent me an email containg this:

The configuration file /boot/grub/menu.lst has world permissions. Should be 0600

This is reported twice, once as a warning and in the same mail on the next line, as a failure.

Now I have two questions:

  • Should I set permissions as the tool recommends? (This is for a fileserver exposing only very few ports, but to the general internet)
  • Is this a misconfiguration of the tool (because it occurs twice)?
grub2

1 Answers

  1. Best Answer

    Executive Summary:

    You should change the file permission to be 600

    chmod 600 /boot/grub/menu.lst

    You might want to do the same for /boot/grub/grub.cfg

    Detailed Answer:

    This issue was reported here a long time ago 

    tiger emits these two notices:
# --WARN-- [boot02] The configuration file /boot/grub/menu.lst has group permissions. Should be 0600
# --FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world permissions. Should be 0600

    I see no reason to worry about it having root group access. This should be fixed in tiger.

    menu.lst should not be world-readable to protect the (optional) password hash there-in from dictionary cracking attempts. This should be fixed in grub.

    According to the link in launchpad grub2 was fixed.

    • 1