Verify Permissions On /etc/ipsec.secrets File
An XCCDF Rule
Description
To properly set the permissions of /etc/ipsec.secrets
, run the command:
$ sudo chmod 0644 /etc/ipsec.secrets
Rationale
Setting correct permissions on the /etc/ipsec.secrets file is important because this file hosts Libreswan configuration. Protection of this file is critical for system security. Restricting the permissions ensures exclusive control of the Libreswan configuration.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_etc_ipsec_secrets
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
chmod u-xs,g-xws,o-xwt /etc/ipsec.secrets
else
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86410-8
- configure_strategy