diff options
author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-12-20 15:51:53 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-12-20 15:51:53 +0100 |
commit | 378d7c06df134396bfb673430f5c8b85259511c0 (patch) | |
tree | bc3aca60475b4da468edb2336b74906e257b5ac3 | |
parent | Switch from SYNC to sync-uri (diff) | |
download | hardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.tar.gz hardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.tar.bz2 hardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.zip |
Add block for GRUB2 password protection (still TODO)
-rw-r--r-- | xml/SCAP/gentoo-xccdf.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml index d38c83f..25621c0 100644 --- a/xml/SCAP/gentoo-xccdf.xml +++ b/xml/SCAP/gentoo-xccdf.xml @@ -1388,6 +1388,20 @@ PORTAGE_GPG_DIR="/etc/portage/gpg" be (ab)used to work around security mechanisms. </h:p> </description> + <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub2pass"> + <title>Password protect GRUB 2</title> + <description> + <h:p> + It is recommended to password-protect the GRUB configuration so that the + boot options cannot be modified during a boot without providing the valid + password. + </h:p> + <h:p> + TODO looks like this has become a lot more difficult to obtain + </h:p> + <reference href="https://help.ubuntu.com/community/Grub2/Passwords">GRUB2 Passwords (Ubuntu wiki)</reference> + </description> + </Group> <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub1pass"> <title>Password protect GRUB (legacy)</title> <description> |