Lynis Controls - Boot



Security Controls

[BOOT-5121] GRUB boot loader check Category  
Check if GRUB boot loader exists Boot
Cfengine Chef Shell script Puppet Effort Risk
       
1 2 3 4 5
1 2 3 4 5

[BOOT-5122] Set boot loader password Category  
By default anyone with physical access to the machine can load alternative software or another operating system during the boot phase. Configure a password in grub to prevent this possibility. Boot
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[BOOT-5139] LILO bootloader password Category  
By default anyone with physical access to the machine can load alternative software or another operating system during the boot phase. Configure a password in LILO to prevent this possibility. Boot
Cfengine Chef Shell script Puppet Effort Risk
       
1 2 3 4 5
1 2 3 4 5

[BOOT-5180] Linux boot services (Debian) Category  
Lynis determines what services are started during runlevel 2 (boot). All boot services should be equal to the ones running, with the exception of the "one-time" processes. The latter group are processes which need a task to perform during or just after booting, like checking the file system. For all others it's common to be equal: if MySQL is running now, it is likely to be found in the boot services scripts as well. Missing processes in the boot list may lead to unavailability of important services after a reboot. Regular testing and reboots help in determining any missing services. Boot
Cfengine Chef Shell script Puppet Effort Risk
    tick  
1 2 3 4 5
1 2 3 4 5

[BOOT-5184] Writable start-up scripts Category  
Unix based systems have an extensive boot process, from loading the bootloader up to the execution of post-boot scripts. Protecting the boot process is important for the integrity of the system. Start-up scripts define what services will be initialized and started during the boot process. Lynis tests if there are scripts with world writable permissions. These files can be changed by all users on the system and usually started with root permissions. Therefore they impose a risk to the system, as one might include a backdoor into a start-up script. Boot
Cfengine Chef Shell script Puppet Effort Risk
       
1 2 3 4 5
1 2 3 4 5