Skip to content

Verify Permissions and Ownership of Old Passwords File

An XCCDF Rule

Description

To properly set the owner of /etc/security/opasswd, run the command:

$ sudo chown root /etc/security/opasswd 
To properly set the group owner of /etc/security/opasswd, run the command:
$ sudo chgrp root /etc/security/opasswd
To properly set the permissions of /etc/security/opasswd, run the command:
$ sudo chmod 0600 /etc/security/opasswd

Rationale

The /etc/security/opasswd file stores old passwords to prevent password reuse. Protection of this file is critical for system security.

ID
xccdf_org.ssgproject.content_rule_file_etc_security_opasswd
Severity
Medium
References
Updated