Ubuntu – Who is changing the grub.cfg? changes to timeout makes grub not show

19.04amd-ryzengrub2

Here is my audit on changes to the grub config file at /boot/grub/grub.cfg
The change makes the timeout=10 (that I have done to get the grub menu to show at all) to timeout=0 which means grub does not show at all.
I was asleep when this happened. I am very tempted to make that file read only and see what happens. Ubuntu 19.04,ryzen 5 2500U with vega radeon mobile gfx 2000mhz. default amd drivers (updated yesterday but this is not a new problem for me, happens every update grub). Any ideas on why this is happening at all? (apart from conspiracy theories). The change timestamp on the file is also 6.07am, when I was sound asleep.

  1. 2019-08-03 06:07:23 /boot/grub/ unlinkat no /usr/bin/rm unset 303
  2. 2019-08-03 06:07:23 /boot/grub/grub.cfg.new openat yes /usr/bin/dash unset 304
  3. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 305
  4. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 306
  5. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 307
  6. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 308
  7. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 309
  8. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 310
  9. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 311
  10. 2019-08-03 06:07:23 . openat yes /usr/bin/dash unset 312
  11. 2019-08-03 06:07:27 /boot/grub/grub.cfg.new fchmodat yes /usr/bin/chmod unset 314
  12. 2019-08-03 06:07:27 /boot/grub/grub.cfg.new openat yes /usr/bin/grub-script-check unset 315
  13. 2019-08-03 06:07:27 /boot/grub/ renameat2 no /usr/bin/mv unset 316
  14. 2019-08-03 06:07:27 /boot/grub/grub.cfg rename yes /usr/bin/mv unset 317
  15. 2019-08-03 06:07:27 /boot/grub/grub.cfg.new openat yes /usr/bin/grep unset 313
  16. 2019-08-03 07:38:06 . openat yes /usr/bin/updatedb.mlocate unset 346
  17. 2019-08-03 12:48:37 /boot/grub sendto yes /usr/sbin/auditctl unset 54
  18. 2019-08-03 12:48:37 /boot/grub/grubenv openat yes /usr/bin/grub-editenv unset 77
  19. 2019-08-03 12:48:37 /boot/grub/grubenv openat yes /usr/bin/grub-editenv unset 78

the relevant part of grub.cfg is

terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=10
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
    set timeout=10
  fi
fi

the problem is when my =10 are changed to =0

the audit was gotten from https://unix.stackexchange.com/questions/99074/find-which-process-is-modifying-a-file

sudo apt auditd

then set up with

sudo  auditctl  -w /boot/grub -k grubchanges -p rwxa

and reported with

sudo ausearch -k grubchanges | aureport -f -i

Best Answer

The answer is obvious: it is changed by grub-mkconfig. If you change grub.cfg manually, all changes will be overwritten on the next update-grub.

Grub is updated on every kernel upgrade and also in other cases.

Instead of changing grub.cfg edit /etc/default/grub and run sudo update-grub.

You can read this in the beginning of grub.cfg.

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
Related Question