Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

37 line
918B

  1. # CIS 6.1.6 Ensure permissions on /etc/passwd- are configured
  2. #
  3. # Description
  4. # ===========
  5. # The /etc/passwd- file contains backup user account information.
  6. #
  7. # Rationale
  8. # =========
  9. # It is critical to ensure that the /etc/passwd- file is protected from
  10. # unauthorized access. Although it is protected by default, the file
  11. # permissions could be changed either inadvertently or through malicious actions.
  12. #
  13. # Audit
  14. # =====
  15. # Run the following command and verify Uid and Gid are both 0/root and
  16. # Access is 600 or more restrictive:
  17. #
  18. # # stat /etc/passwd-
  19. # Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root)
  20. #
  21. # Remediation
  22. # ===========
  23. # Run the following command to set permissions on /etc/passwd- :
  24. #
  25. # # chown root:root /etc/passwd-
  26. # # chmod 600 /etc/passwd-
  27. #
  28. parameters:
  29. linux:
  30. system:
  31. file:
  32. /etc/passwd-:
  33. user: 'root'
  34. group: 'root'
  35. mode: '0600'