ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
778 Commits
26 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
linux-formula/metadata/service/system/cis/cis-6-1-6.yml

37 lines
918B
Raw Permalink Blame History 

  1. # CIS 6.1.6 Ensure permissions on /etc/passwd- are configured

  2. #

  3. # Description

  4. # ===========

  5. # The /etc/passwd- file contains backup user account information.

  6. #

  7. # Rationale

  8. # =========

  9. # It is critical to ensure that the /etc/passwd- file is protected from

  10. # unauthorized access. Although it is protected by default, the file

  11. # permissions could be changed either inadvertently or through malicious actions.

  12. #

  13. # Audit

  14. # =====

  15. # Run the following command and verify Uid and Gid are both 0/root and

  16. # Access is 600 or more restrictive:

  17. #

  18. #   # stat /etc/passwd-

  19. #   Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)

  20. #

  21. # Remediation

  22. # ===========

  23. # Run the following command to set permissions on /etc/passwd- :

  24. #

  25. #   # chown root:root /etc/passwd-

  26. #   # chmod 600 /etc/passwd-

  27. #

  28. parameters:

  29.   linux:

  30.     system:

  31.       file:

  32.         /etc/passwd-:

  33.           user: 'root'

  34.           group: 'root'

  35.           mode: '0600'