Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSven Vermeulen <sven.vermeulen@siphos.be>2013-12-20 15:51:53 +0100
committerSven Vermeulen <sven.vermeulen@siphos.be>2013-12-20 15:51:53 +0100
commit378d7c06df134396bfb673430f5c8b85259511c0 (patch)
treebc3aca60475b4da468edb2336b74906e257b5ac3
parentSwitch from SYNC to sync-uri (diff)
downloadhardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.tar.gz
hardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.tar.bz2
hardened-docs-378d7c06df134396bfb673430f5c8b85259511c0.zip
Add block for GRUB2 password protection (still TODO)
Diffstat
-rw-r--r--xml/SCAP/gentoo-xccdf.xml14
1 files changed, 14 insertions, 0 deletions
diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml
index d38c83f..25621c0 100644
--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
@@ -1388,6 +1388,20 @@ PORTAGE_GPG_DIR="/etc/portage/gpg"
be (ab)used to work around security mechanisms.
</h:p>
</description>
+ <Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub2pass">
+ <title>Password protect GRUB 2</title>
+ <description>
+ <h:p>
+ It is recommended to password-protect the GRUB configuration so that the
+ boot options cannot be modified during a boot without providing the valid
+ password.
+ </h:p>
+ <h:p>
+ TODO looks like this has become a lot more difficult to obtain
+ </h:p>
+ <reference href="https://help.ubuntu.com/community/Grub2/Passwords">GRUB2 Passwords (Ubuntu wiki)</reference>
+ </description>
+ </Group>
<Group id="xccdf_org.gentoo.dev.swift_group_system-bootloader-grub1pass">
<title>Password protect GRUB (legacy)</title>
<description>