Saltstack Official Linux Formula
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

40 Zeilen
1.1KB

  1. # CIS 6.1.3 Ensure permissions on /etc/shadow are configured
  2. #
  3. # Description
  4. # ===========
  5. # The /etc/shadow file is used to store the information about user accounts
  6. # that is critical to the security of those accounts, such as the hashed
  7. # password and other security information.
  8. #
  9. # Rationale
  10. # =========
  11. # If attackers can gain read access to the /etc/shadow file, they can easily
  12. # run a password cracking program against the hashed password to break it.
  13. # Other security information that is stored in the /etc/shadow file (such
  14. # as expiration) could also be useful to subvert the user accounts.
  15. #
  16. # Audit
  17. # =====
  18. # Run the following command and verify Uid is 0/root , Gid is <gid>/shadow ,
  19. # and Access is 640 or more restrictive:
  20. #
  21. # # stat /etc/shadow
  22. # Access: (0640/-rw-r-----) Uid: (0/root) Gid: (42/shadow)
  23. #
  24. # Remediation
  25. # ===========
  26. # Run the one following commands to set permissions on /etc/shadow :
  27. #
  28. # # chown root:shadow /etc/shadow
  29. # # chmod o-rwx,g-wx /etc/shadow
  30. #
  31. parameters:
  32. linux:
  33. system:
  34. file:
  35. /etc/shadow:
  36. user: 'root'
  37. group: 'shadow'
  38. mode: '0640'