Ensure there are no legacy + NIS entries in /etc/shadow
An XCCDF Rule
Description
A line in the /etc/shadow file that begins with the + character marks the place where entries from a Network Information Service (NIS) map are to be inserted when the C library's compat NSS mode is in use.
Rationale
Including entries in /etc/shadow this way is a legacy mechanism and should be avoided. A + entry either pulls authentication data from an unauthenticated network service or, on a system where NIS is not actually in use, may be parsed as an ordinary entry for an account literally named "+" with an empty password field, which can give an attacker a way to gain access to the system.
- ID: xccdf_org.ssgproject.content_rule_no_legacy_plus_entries_etc_shadow
- Severity: Medium
Remediation - Shell Script
# Look for any line that starts with '+' (the NIS compat marker).
# '\+' is a literal plus sign here: GNU basic regex treats a quantifier with
# nothing to quantify as an ordinary character.
if grep -q '^\+' /etc/shadow; then
    # backup old file to /etc/shadow-
    cp /etc/shadow /etc/shadow-
    # delete every line that begins with '+', editing the file in place
    sed -i '/^\+.*$/d' /etc/shadow
fi
Remediation - Ansible
- name: Ensure there are no legacy + NIS entries in /etc/shadow - Backup the Old /etc/shadow File
  ansible.builtin.copy:
    src: /etc/shadow
    dest: /etc/shadow-
    remote_src: true