Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

cis-6-1-9.yml 1.0KB

1234567891011121314151617181920212223242526272829303132333435363738
  1. # CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured
  2. #
  3. # Description
  4. # ===========
  5. # The /etc/gshadow- file is used to store backup information about groups
  6. # that is critical to the security of those accounts, such as the hashed
  7. # password and other security information.
  8. #
  9. # Rationale
  10. # =========
  11. # It is critical to ensure that the /etc/gshadow- file is protected from
  12. # unauthorized access. Although it is protected by default, the file
  13. # permissions could be changed either inadvertently or through malicious actions.
  14. #
  15. # Audit
  16. # =====
  17. # Run the following command and verify Uid and Gid are both 0/root and
  18. # Access is 600 or more restrictive:
  19. #
  20. # # stat /etc/gshadow-
  21. # Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)
  22. #
  23. # Remediation
  24. # ===========
  25. # Run the following command to set permissions on /etc/gshadow- :
  26. #
  27. # # chown root:root /etc/gshadow-
  28. # # chmod 600 /etc/gshadow-
  29. #
  30. parameters:
  31. linux:
  32. system:
  33. file:
  34. /etc/gshadow-:
  35. user: 'root'
  36. group: 'root'
  37. mode: '0600'