Verify Permissions on shadow File
An XCCDF Rule
Description
To properly set the permissions of /etc/shadow
, run the command:
$ sudo chmod 0640 /etc/shadow
Rationale
The /etc/shadow
file contains the list of local
system accounts and stores password hashes. Protection of this file is
critical for system security. Failure to give ownership of this file
to root provides the designated owner with access to sensitive information
which could weaken the system security posture.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Test for existence /etc/shadow
stat:
path: /etc/shadow
register: file_exists
tags:
- CCE-91479-6
Remediation - Shell Script
chmod u-xs,g-xws,o-xwrt /etc/shadow