ExternalMirrors
/
linux-formula
mirror da https://github.com/salt-formulas/salt-formula-linux
Segui 1
Vota 0
Forka 1
Codice Problemi 0 Rilasci 8 Wiki Attività
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
769 Commit
26 Rami (Branch)
Albero (Tree): 16a8cb567b
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '16a8cb567b'
${ noResults }
linux-formula/metadata/service/system/cis/cis-6-1-5.yml

40 lines
1.1KB
Originale Blame Cronologia 

  1. # CIS 6.1.5 Ensure permissions on /etc/gshadow are configured

  2. #

  3. # Description

  4. # ===========

  5. # The /etc/gshadow file is used to store the information about groups that

  6. # is critical to the security of those accounts, such as the hashed password

  7. # and other security information.

  8. #

  9. # Rationale

  10. # =========

  11. # If attackers can gain read access to the /etc/gshadow file, they can easily

  12. # run a password cracking program against the hashed password to break it.

  13. # Other security information that is stored in the /etc/gshadow file (such as

  14. # group administrators) could also be useful to subvert the group.

  15. #

  16. # Audit

  17. # =====

  18. # Run the following command and verify verify Uid is 0/root ,

  19. # Gid is <gid>/shadow , and Access is 640 or more restrictive:

  20. #

  21. #   # stat /etc/gshadow

  22. #   Access: (0640/-rw-r-----) Uid: (0/root) Gid: (42/shadow)

  23. #

  24. # Remediation

  25. # ===========

  26. # Run the following commands to set permissions on /etc/gshadow :

  27. #

  28. #   # chown root:shadow /etc/gshadow

  29. #   # chmod o-rwx,g-rw /etc/gshadow

  30. #

  31. parameters:

  32.   linux:

  33.     system:

  34.       file:

  35.         /etc/gshadow:

  36.           user: 'root'

  37.           group: 'shadow'

  38.           mode: '0640'