# CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured
#
# Description
# ===========
# The /etc/gshadow- file is used to store backup information about groups
# that is critical to the security of those accounts, such as the hashed
# password and other security information.
#
# Rationale
# =========
# It is critical to ensure that the /etc/gshadow- file is protected from
# unauthorized access. Although it is protected by default, the file
# permissions could be changed either inadvertently or through malicious actions.
#
# Audit
# =====
# Run the following command and verify Uid and Gid are both 0/root and
# Access is 600 or more restrictive:
#
#   # stat /etc/gshadow-
#   Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)
#
# Remediation
# ===========
# Run the following command to set permissions on /etc/gshadow- :
#
#   # chown root:root /etc/gshadow-
#   # chmod 600 /etc/gshadow-
#
parameters:
  linux:
    system:
      file:
        /etc/gshadow-:
          user: 'root'
          group: 'root'
          mode: '0600'