Saltstack Official Linux Formula

cis-6-1-5.yml 1.1KB

# CIS 6.1.5 Ensure permissions on /etc/gshadow are configured
#
# Description
# ===========
# The /etc/gshadow file is used to store the information about groups that
# is critical to the security of those accounts, such as the hashed password
# and other security information.
#
# Rationale
# =========
# If attackers can gain read access to the /etc/gshadow file, they can easily
# run a password cracking program against the hashed password to break it.
# Other security information that is stored in the /etc/gshadow file (such as
# group administrators) could also be useful to subvert the group.
#
# Audit
# =====
# Run the following command and verify Uid is 0/root,
# Gid is <gid>/shadow, and Access is 640 or more restrictive:
#
# # stat /etc/gshadow
# Access: (0640/-rw-r-----) Uid: (0/root) Gid: (42/shadow)
#
# Remediation
# ===========
# Run the following commands to set permissions on /etc/gshadow:
#
# # chown root:shadow /etc/gshadow
# # chmod o-rwx,g-rw /etc/gshadow
#
parameters:
  linux:
    system:
      file:
        /etc/gshadow:
          user: 'root'
          group: 'shadow'
          mode: '0640'
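
The audit step above asks for a mode of "640 or more restrictive", which is a bitmask test rather than a string comparison. The script below is an added example, not part of the formula; the function name `audit_file` and its variables are this example's own, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: scripted form of the CIS 6.1.5 audit.
# Usage: audit_file PATH WANT_UID WANT_GID MAX_MODE
# Returns 0 if compliant, 1 if any check fails, 2 if stat cannot read the file.
audit_file() {
    a_path=$1; a_uid=$2; a_gid=$3; a_max=$4

    # GNU stat: %a = octal mode, %u = numeric owner, %g = numeric group.
    a_out=$(stat -c '%a %u %g' -- "$a_path" 2>/dev/null) || return 2
    set -- $a_out   # $1 = mode, $2 = uid, $3 = gid

    a_rc=0
    [ "$2" = "$a_uid" ] || { echo "FAIL owner uid $2, want $a_uid"; a_rc=1; }
    [ "$3" = "$a_gid" ] || { echo "FAIL group gid $3, want $a_gid"; a_rc=1; }

    # "Or more restrictive": no bit may be set outside the allowed maximum.
    # A leading 0 makes the shell read the value as octal. Masking with 07777
    # keeps the special bits in scope, so a mode such as 2640 is rejected too.
    a_extra=$(( 0$1 & ~0$a_max & 07777 ))
    [ "$a_extra" -eq 0 ] || {
        printf 'FAIL mode %s has extra bits %o (max %s)\n' "$1" "$a_extra" "$a_max"
        a_rc=1
    }
    return "$a_rc"
}

# For this control, look up the shadow gid because it differs between systems:
#   audit_file /etc/gshadow 0 "$(getent group shadow | cut -d: -f3)" 640
```

Modes such as 600 or 400 pass because they set no bits outside 640, while 644 and 660 fail.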