Verify User Who Owns Backup passwd File

An XCCDF Rule

Description

To properly set the owner of /etc/passwd-, run the command:

$ sudo chown root /etc/passwd-

Rationale

The /etc/passwd- file is a backup file of /etc/passwd, and as such, it contains information about the users that are configured on the system. Protection of this file is critical for system security.

ID: xccdf_org.ssgproject.content_rule_file_owner_backup_etc_passwd
Severity: Medium
References: AC-6 (1)

Req-8.7.c

SRG-OS-000480-GPOS-00227

6.1.5

CCE-91694-0

2.2 2.2.6

CCI-000366
Updated: about 1 month ago

Remediation Templates

- name: Test for existence /etc/passwd-
  stat:
    path: /etc/passwd-
  register: file_exists
  tags:
  - CCE-91694-0  - NIST-800-53-AC-6 (1)
  - PCI-DSS-Req-8.7.c
  - PCI-DSSv4-2.2
  - PCI-DSSv4-2.2.6
  - configure_strategy
  - file_owner_backup_etc_passwd
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
- name: Ensure owner 0 on /etc/passwd-
  file:
    path: /etc/passwd-
    owner: '0'
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - CCE-91694-0
  - NIST-800-53-AC-6 (1)
  - PCI-DSS-Req-8.7.c
  - PCI-DSSv4-2.2
  - PCI-DSSv4-2.2.6
  - configure_strategy
  - file_owner_backup_etc_passwd
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chown 0 /etc/passwd-

Verify User Who Owns Backup passwd File

Description

Rationale

Remediation Templates

An Ansible Snippet

A Shell Script