{"description": "During the boot process, the boot loader is\nresponsible for starting the execution of the kernel and passing\noptions to it. The boot loader allows for the selection of\ndifferent kernels - possibly on different partitions or media.\nThe default Ubuntu 22.04 boot loader for x86 systems is called GRUB2.\nOptions it can pass to the kernel include <i>single-user mode</i>, which\nprovides root access without any authentication, and the ability to\ndisable SELinux. To prevent local users from modifying the boot\nparameters and endangering security, protect the boot loader configuration\nwith a password and ensure its configuration file's permissions\nare set properly.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_l1tf_options", "var_mds_options", "var_rng_core_default_quality", "var_spec_store_bypass_disable_options"], "groups": ["non-uefi", "uefi"], "rules": ["coreos_pti_kernel_argument", "coreos_vsyscall_kernel_argument", "grub2_disable_recovery", "grub2_enable_iommu_force", "grub2_init_on_alloc_argument", "grub2_init_on_free", "grub2_kernel_trust_cpu_rng", "grub2_l1tf_argument", "grub2_mce_argument", "grub2_mds_argument", "grub2_mitigation_argument", "grub2_nosmap_argument_absent", "grub2_nosmep_argument_absent", "grub2_page_alloc_shuffle_argument", "grub2_pti_argument", "grub2_rng_core_default_quality_argument", "grub2_slab_nomerge_argument", "grub2_spec_store_bypass_disable_argument", "grub2_spectre_v2_argument", "grub2_systemd_debug-shell_argument_absent", "grub2_vsyscall_argument"], "platform": "grub2 and system_with_kernel", "platforms": ["grub2 and system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["grub2_and_system_with_kernel"], "title": "GRUB2 bootloader configuration", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/bootloader-grub2/group.yml"}