ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
778 Commits
26 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
linux-formula/metadata/service/system/cis/cis-6-1-7.yml

39 lines
1.0KB
Raw Permalink Blame History 

  1. # CIS 6.1.7 Ensure permissions on /etc/shadow- are configured

  2. #

  3. # Description

  4. # ===========

  5. # The /etc/shadow- file is used to store backup information about user

  6. # accounts that is critical to the security of those accounts, such as the

  7. # hashed password and other security information.

  8. #

  9. # Rationale

  10. # =========

  11. # It is critical to ensure that the /etc/shadow- file is protected from

  12. # unauthorized access. Although it is protected by default, the file

  13. # permissions could be changed either inadvertently or through malicious actions.

  14. #

  15. # Audit

  16. # =====

  17. # Run the following command and verify Uid and Gid are both 0/root and

  18. # Access is 600 or more restrictive:

  19. #

  20. #   # stat /etc/shadow-

  21. #   Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)

  22. #

  23. # Remediation

  24. # ===========

  25. # Run the following command to set permissions on /etc/shadow- :

  26. #

  27. #   # chown root:root /etc/shadow-

  28. #   # chmod 600 /etc/shadow-

  29. #

  30. parameters:

  31.   linux:

  32.     system:

  33.       file:

  34.         /etc/shadow-:

  35.           user: 'root'

  36.           group: 'root'

  37.           mode: '0600'