Ensure there are no legacy + NIS entries in /etc/group
An XCCDF Rule
Description
The +
character in /etc/group
file marks a place where
entries from a network information service (NIS) should be directly inserted.
Rationale
Using this method to include entries into /etc/group
is considered legacy
and should be avoided. These entries may provide a way for an attacker
to gain access to the system.
- ID
- xccdf_org.ssgproject.content_rule_no_legacy_plus_entries_etc_group
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Ensure there are no legacy + NIS entries in /etc/group - Backup the Old /etc/group
File
ansible.builtin.copy:
src: /etc/group
dest: /etc/group-
remote_src: true
Remediation - Shell Script
if grep -q '^\+' /etc/group; then
# backup old file to /etc/group-
cp /etc/group /etc/group-
sed -i '/^\+.*$/d' /etc/group
fi