Ensure there are no legacy + NIS entries in /etc/group

An XCCDF Rule

Description

The + character in /etc/group file marks a place where entries from a network information service (NIS) should be directly inserted.

Rationale

Using this method to include entries into /etc/group is considered legacy and should be avoided. These entries may provide a way for an attacker to gain access to the system.

ID: xccdf_org.ssgproject.content_rule_no_legacy_plus_entries_etc_group
Severity: Medium
Updated: about 1 year ago

- name: Ensure there are no legacy + NIS entries in /etc/group - Backup the Old /etc/group
    File
  ansible.builtin.copy:
    src: /etc/group
    dest: /etc/group-
    remote_src: true  tags:
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_group
  - no_reboot_needed
  - restrict_strategy

- name: Ensure there are no legacy + NIS entries in /etc/group - Remove Lines Starting
    with + From /etc/group
  ansible.builtin.lineinfile:
    regexp: ^\+.*$
    state: absent
    path: /etc/group
  tags:
  - low_complexity
  - medium_disruption
  - medium_severity
  - no_legacy_plus_entries_etc_group
  - no_reboot_needed
  - restrict_strategy


if grep -q '^\+' /etc/group; then
# backup old file to /etc/group-
	cp /etc/group /etc/group-
	sed -i '/^\+.*$/d' /etc/group
fi

Ensure there are no legacy + NIS entries in /etc/group

Description

Rationale

Remediation - Ansible

Remediation - Shell Script