1 |
commit: 378d7c06df134396bfb673430f5c8b85259511c0 |
2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
3 |
AuthorDate: Fri Dec 20 14:51:53 2013 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Dec 20 14:51:53 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=378d7c06 |
7 |
|
8 |
Add block for GRUB2 password protection (still TODO) |
9 |
|
10 |
--- |
11 |
xml/SCAP/gentoo-xccdf.xml | 14 ++++++++++++++ |
12 |
1 file changed, 14 insertions(+) |
13 |
|
14 |
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml |
15 |
index d38c83f..25621c0 100644 |
16 |
--- a/xml/SCAP/gentoo-xccdf.xml |
17 |
+++ b/xml/SCAP/gentoo-xccdf.xml |
18 |
@@ -1388,6 +1388,20 @@ PORTAGE_GPG_DIR="/etc/portage/gpg" |
19 |
be (ab)used to work around security mechanisms. |
20 |
</h:p> |
21 |
</description> |
22 |
+ <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub2pass"> |
23 |
+ <title>Password protect GRUB 2</title> |
24 |
+ <description> |
25 |
+ <h:p> |
26 |
+ It is recommended to password-protect the GRUB configuration so that the |
27 |
+ boot options cannot be modified during a boot without providing the valid |
28 |
+ password. |
29 |
+ </h:p> |
30 |
+ <h:p> |
31 |
+ TODO looks like this has become a lot more difficult to obtain |
32 |
+ </h:p> |
33 |
+ <reference href="https://help.ubuntu.com/community/Grub2/Passwords">GRUB2 Passwords (Ubuntu wiki)</reference> |
34 |
+ </description> |
35 |
+ </Group> |
36 |
<Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub1pass"> |
37 |
<title>Password protect GRUB (legacy)</title> |
38 |
<description> |