Verify Group Who Owns gshadow File

An XCCDF Rule

Description

To properly set the group owner of /etc/gshadow, run the command:

$ sudo chgrp root /etc/gshadow

The /etc/gshadow file contains group password hashes. Protection of this file is critical for system security.

ID: xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
Severity: Medium
References: 12 13 14 15 16 18 3 5

APO01.06 DSS05.04 DSS05.07 DSS06.02

4.3.3.7.3

SR 2.1 SR 5.2

A.10.1.1 A.11.1.4 A.11.1.5 A.11.2.1 A.13.1.1 A.13.1.3 A.13.2.1 A.13.2.3 A.13.2.4 A.14.1.2 A.14.1.3 A.6.1.2 A.7.1.1 A.7.1.2 A.7.3.1 A.8.2.2 A.8.2.3 A.9.1.1 A.9.1.2 A.9.2.3 A.9.4.1 A.9.4.4 A.9.4.5

CIP-003-8 R5.1.1 CIP-003-8 R5.3 CIP-004-6 R2.3 CIP-007-3 R2.1 CIP-007-3 R2.2 CIP-007-3 R2.3 CIP-007-3 R5.1 CIP-007-3 R5.1.1 CIP-007-3 R5.1.2

AC-6(1) CM-6(a)

PR.AC-4 PR.DS-5

SRG-OS-000480-GPOS-00227
Updated: about 1 year ago