Skip to content

Verify Group Who Owns shadow File

An XCCDF Rule

Description

To properly set the group owner of /etc/shadow, run the command:

$ sudo chgrp root /etc/shadow

Rationale

The /etc/shadow file stores password hashes. Protection of this file is critical for system security.

ID
xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
Severity
Medium
References
Updated



Remediation - Ansible

- name: Test for existence /etc/shadow
  stat:
    path: /etc/shadow
  register: file_exists
  tags:
  - CCE-82051-4

Remediation - Shell Script

chgrp 0 /etc/shadow