=== modified file 'serverguide/C/security.xml'
--- serverguide/C/security.xml	2009-03-24 15:48:30 +0000
+++ serverguide/C/security.xml	2010-01-12 02:47:55 +0000
@@ -387,7 +387,7 @@
 	  	</listitem>
 	  	<listitem>
 		<para>
-		Add the resulting hash value to the file <filename>/boot/grub/menu.lst</filename> in the following format:
+		Add the resulting hash value to the global section of the file <filename>/boot/grub/menu.lst</filename> in the following format:
 		</para>
 <programlisting>password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0</programlisting>
 	  	</listitem>
@@ -396,6 +396,17 @@
 		To require use of the password for entering single user mode, change the value of the <varname>lockalternative</varname> variable in the file <filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as shown in the following example.
 		</para>
 <programlisting># lockalternative=true</programlisting>
+                <para>
+                It is important to note that the # symbol is not a comment and should NOT be removed from the beginning of the line above. This is a template string that <application>GRUB</application> understands.  <application>GRUB</application> will add a lock statement to each kernel entry when the command <application>update-grub</application> is run.  This is done automatically when kernel packages are installed and upgraded.
+                </para>
+                </listitem>
+                <listitem>
+                <para>
+                After modifying <filename>/boot/grub/menu.lst</filename>, you should run the <application>update-grub</application> command to commit your changes.
+                </para>
+<screen>
+<command>sudo update-grub</command>
+</screen>
 		</listitem>
 		</itemizedlist>
 	<note>