Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

cis-6-1-4.yml 961B

1234567891011121314151617181920212223242526272829303132333435363738
  1. # CIS 6.1.4 Ensure permissions on /etc/group are configured
  2. #
  3. # Description
  4. # ===========
  5. # The /etc/group file contains a list of all the valid groups defined in the
  6. # system. The command below allows read/write access for root and read access
  7. # for everyone else.
  8. #
  9. # Rationale
  10. # =========
  11. # The /etc/group file needs to be protected from unauthorized changes by
  12. # non-privileged users, but needs to be readable as this information is used
  13. # with many non-privileged programs.
  14. #
  15. # Audit
  16. # =====
  17. # Run the following command and verify Uid and Gid are both 0/root and
  18. # Access is 644 :
  19. #
  20. # # stat /etc/group
  21. # Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root)
  22. #
  23. # Remediation
  24. # ===========
  25. # Run the following command to set permissions on /etc/group :
  26. #
  27. # # chown root:root /etc/group
  28. # # chmod 644 /etc/group
  29. #
  30. parameters:
  31. linux:
  32. system:
  33. file:
  34. /etc/group:
  35. user: 'root'
  36. group: 'root'
  37. mode: '0644'