Verify Group Who Owns gshadow File
An XCCDF Rule
Description
To properly set the group owner of /etc/gshadow
, run the command:
$ sudo chgrp shadow /etc/gshadow
Rationale
The /etc/gshadow
file contains group password hashes. Protection of this file
is critical for system security.
- ID
- xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Test for existence /etc/gshadow
stat:
path: /etc/gshadow
register: file_exists
tags:
- NIST-800-53-AC-6(1)
Remediation - Shell Script
chgrp 42 /etc/gshadow