Ensure there are no legacy + NIS entries in /etc/shadow

An XCCDF Rule

Description

The + character in /etc/shadow file marks a place where entries from a network information service (NIS) should be directly inserted.

Rationale

Using this method to include entries into /etc/shadow is considered legacy and should be avoided. These entries may provide a way for an attacker to gain access to the system.

ID: xccdf_org.ssgproject.content_rule_no_legacy_plus_entries_etc_shadow
Severity: Medium
References: CCE-84290-6
Updated: about 1 year ago

- name: Ensure there are no legacy + NIS entries in /etc/shadow - Backup the Old /etc/shadow
    File
  ansible.builtin.copy:
    src: /etc/shadow
    dest: /etc/shadow-
    remote_src: true  tags:
  - CCE-84290-6
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_shadow
  - no_reboot_needed
  - restrict_strategy

- name: Ensure there are no legacy + NIS entries in /etc/shadow - Remove Lines Starting
    with + From /etc/shadow
  ansible.builtin.lineinfile:
    regexp: ^\+.*$
    state: absent
    path: /etc/shadow
  tags:
  - CCE-84290-6
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_shadow
  - no_reboot_needed
  - restrict_strategy


if grep -q '^\+' /etc/shadow; then
# backup old file to /etc/shadow-
	cp /etc/shadow /etc/shadow-
	sed -i '/^\+.*$/d' /etc/shadow
fi

Ensure there are no legacy + NIS entries in /etc/shadow

Description

Rationale

Remediation - Ansible

Remediation - Shell Script