Verify Permissions on /etc/shells File

An XCCDF Rule

Description

To properly set the permissions of /etc/shells, run the command:

$ sudo chmod 0644 /etc/shells

Rationale

The /etc/shells file contains the list of full pathnames to shells on the system. Since this file is used by many system programs this file should be protected.

ID: xccdf_org.ssgproject.content_rule_file_permissions_etc_shells
Severity: Medium
References: AC-3 MP-2

R50

7.1.9
Updated: about 1 month ago

Remediation Templates

- name: Test for existence /etc/shells
  stat:
    path: /etc/shells
  register: file_exists
  tags:
  - NIST-800-53-AC-3  - NIST-800-53-MP-2
  - configure_strategy
  - file_permissions_etc_shells
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
- name: Ensure permission u-xs,g-xws,o-xwt on /etc/shells
  file:
    path: /etc/shells
    mode: u-xs,g-xws,o-xwt
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - NIST-800-53-AC-3
  - NIST-800-53-MP-2
  - configure_strategy
  - file_permissions_etc_shells
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chmod u-xs,g-xws,o-xwt /etc/shells

Verify Permissions on /etc/shells File

Description

Rationale

Remediation Templates

An Ansible Snippet

A Shell Script