| 1 |
commit: 378d7c06df134396bfb673430f5c8b85259511c0 |
| 2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 3 |
AuthorDate: Fri Dec 20 14:51:53 2013 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Dec 20 14:51:53 2013 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=378d7c06 |
| 7 |
|
| 8 |
Add block for GRUB2 password protection (still TODO) |
| 9 |
|
| 10 |
--- |
| 11 |
xml/SCAP/gentoo-xccdf.xml | 14 ++++++++++++++ |
| 12 |
1 file changed, 14 insertions(+) |
| 13 |
|
| 14 |
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml |
| 15 |
index d38c83f..25621c0 100644 |
| 16 |
--- a/xml/SCAP/gentoo-xccdf.xml |
| 17 |
+++ b/xml/SCAP/gentoo-xccdf.xml |
| 18 |
@@ -1388,6 +1388,20 @@ PORTAGE_GPG_DIR="/etc/portage/gpg" |
| 19 |
be (ab)used to work around security mechanisms. |
| 20 |
</h:p> |
| 21 |
</description> |
| 22 |
+ <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub2pass"> |
| 23 |
+ <title>Password protect GRUB 2</title> |
| 24 |
+ <description> |
| 25 |
+ <h:p> |
| 26 |
+ It is recommended to password-protect the GRUB configuration so that the |
| 27 |
+ boot options cannot be modified during a boot without providing the valid |
| 28 |
+ password. |
| 29 |
+ </h:p> |
| 30 |
+ <h:p> |
| 31 |
+ TODO looks like this has become a lot more difficult to obtain |
| 32 |
+ </h:p> |
| 33 |
+ <reference href="https://help.ubuntu.com/community/Grub2/Passwords">GRUB2 Passwords (Ubuntu wiki)</reference> |
| 34 |
+ </description> |
| 35 |
+ </Group> |
| 36 |
<Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub1pass"> |
| 37 |
<title>Password protect GRUB (legacy)</title> |
| 38 |
<description> |
Archives