|
1234567891011121314151617181920212223242526272829303132333435363738 |
- # CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured
- #
- # Description
- # ===========
- # The /etc/gshadow- file is used to store backup information about groups
- # that is critical to the security of those accounts, such as the hashed
- # password and other security information.
- #
- # Rationale
- # =========
- # It is critical to ensure that the /etc/gshadow- file is protected from
- # unauthorized access. Although it is protected by default, the file
- # permissions could be changed either inadvertently or through malicious actions.
- #
- # Audit
- # =====
- # Run the following command and verify Uid and Gid are both 0/root and
- # Access is 600 or more restrictive:
- #
- # # stat /etc/gshadow-
- # Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)
- #
- # Remediation
- # ===========
- # Run the following command to set permissions on /etc/gshadow- :
- #
- # # chown root:root /etc/gshadow-
- # # chmod 600 /etc/gshadow-
- #
- parameters:
- linux:
- system:
- file:
- /etc/gshadow-:
- user: 'root'
- group: 'root'
- mode: '0600'
-
|