Verify Group Who Owns /etc/crypttab File

An XCCDF Rule

Description

To properly set the group owner of /etc/crypttab, run the command:

$ sudo chgrp root /etc/crypttab

Rationale

The ownership of the /etc/crypttab file by the root group is important because this file hosts encrypted block devices configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the encrypted block devices configuration.

ID: xccdf_org.ssgproject.content_rule_file_groupowner_etc_crypttab
Severity: Medium
References: R50

CCE-86362-1
Updated: 5 days ago

- name: Test for existence /etc/crypttab
  stat:
    path: /etc/crypttab
  register: file_exists
  tags:
  - CCE-86362-1  - configure_strategy
  - file_groupowner_etc_crypttab
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure group owner root on /etc/crypttab
  file:
    path: /etc/crypttab
    group: root
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - CCE-86362-1
  - configure_strategy
  - file_groupowner_etc_crypttab
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chgrp root /etc/crypttab

Verify Group Who Owns /etc/crypttab File

Description

Rationale

Remediation - Ansible

Remediation - Shell Script