ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
778 Commits
26 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
linux-formula/metadata/service/system/cis/cis-6-1-2.yml

cis-6-1-2.yml 994B
Raw Permalink Normal View History

CIS 6.1.2-6.1.9 CIS items copied from cisbench: * CIS 6.1.2 Ensure permissions on /etc/passwd are configured (Scored) * CIS 6.1.3 Ensure permissions on /etc/shadow are configured (Scored) * CIS 6.1.4 Ensure permissions on /etc/group are configured (Scored) * CIS 6.1.5 Ensure permissions on /etc/gshadow are configured (Scored) * CIS 6.1.6 Ensure permissions on /etc/passwd- are configured (Scored) * CIS 6.1.7 Ensure permissions on /etc/shadow- are configured (Scored) * CIS 6.1.8 Ensure permissions on /etc/group- are configured (Scored) * CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored) Change-Id: I195d08a98c2401a9b0fa8f146ee4b365f933fa1f
6 years ago
 1234567891011121314151617181920212223242526272829303132333435363738 
  1. # CIS 6.1.2 Ensure permissions on /etc/passwd are configured

  2. #

  3. # Description

  4. # ===========

  5. # The /etc/passwd file contains user account information that is used by

  6. # many system utilities and therefore must be readable for these utilities

  7. # to operate.

  8. #

  9. # Rationale

  10. # =========

  11. # It is critical to ensure that the /etc/passwd file is protected from

  12. # unauthorized write access. Although it is protected by default, the file

  13. # permissions could be changed either inadvertently or through malicious actions.

  14. #

  15. # Audit

  16. # =====

  17. # Run the following command and verify Uid and Gid are both 0/root and

  18. # Access is 644 :

  19. #

  20. #   # stat /etc/passwd

  21. #   Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root)

  22. #

  23. # Remediation

  24. # ===========

  25. # Run the following command to set permissions on /etc/passwd :

  26. #

  27. #   # chown root:root /etc/passwd

  28. #   # chmod 644 /etc/passwd

  29. #

  30. parameters:

  31.   linux:

  32.     system:

  33.       file:

  34.         /etc/passwd:

  35.           user: 'root'

  36.           group: 'root'

  37.           mode: '0644'

  38.