Ensure there are no legacy + NIS entries in /etc/passwd

An XCCDF Rule

Description

The + character in /etc/passwd file marks a place where entries from a network information service (NIS) should be directly inserted.

Rationale

Using this method to include entries into /etc/passwd is considered legacy and should be avoided. These entries may provide a way for an attacker to gain access to the system.

ID: xccdf_org.ssgproject.content_rule_no_legacy_plus_entries_etc_passwd
Severity: Medium
Updated: about 1 year ago

- name: Ensure there are no legacy + NIS entries in /etc/passwd - Backup the Old /etc/passwd
    File
  ansible.builtin.copy:
    src: /etc/passwd
    dest: /etc/passwd-
    remote_src: true  tags:
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_passwd
  - no_reboot_needed
  - restrict_strategy

- name: Ensure there are no legacy + NIS entries in /etc/passwd - Remove Lines Starting
    with + From /etc/passwd
  ansible.builtin.lineinfile:
    regexp: ^\+.*$
    state: absent
    path: /etc/passwd
  tags:
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_passwd
  - no_reboot_needed
  - restrict_strategy


if grep -q '^\+' /etc/passwd; then
# backup old file to /etc/passwd-
	cp /etc/passwd /etc/passwd-
	sed -i '/^\+.*$/d' /etc/passwd
fi

Ensure there are no legacy + NIS entries in /etc/passwd

Description

Rationale

Remediation - Ansible

Remediation - Shell Script