Verify User Who Owns Backup passwd File

An XCCDF Rule

Description

To properly set the owner of /etc/passwd-, run the command:

$ sudo chown root /etc/passwd-

Rationale

The /etc/passwd- file is a backup file of /etc/passwd, and as such, it contains information about the users that are configured on the system. Protection of this file is critical for system security.

ID: xccdf_org.ssgproject.content_rule_file_owner_backup_etc_passwd
Severity: Medium
References: CCI-002223

AC-6 (1)

Req-8.7.c

SRG-OS-000480-GPOS-00227

6.1.5

CCE-91324-4

2.2.6
Updated: about 1 year ago

- name: Test for existence /etc/passwd-
  stat:
    path: /etc/passwd-
  register: file_exists
  tags:
  - CCE-91324-4  - NIST-800-53-AC-6 (1)
  - PCI-DSS-Req-8.7.c
  - PCI-DSSv4-2.2.6
  - configure_strategy
  - file_owner_backup_etc_passwd
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure owner 0 on /etc/passwd-
  file:
    path: /etc/passwd-
    owner: '0'
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - CCE-91324-4
  - NIST-800-53-AC-6 (1)
  - PCI-DSS-Req-8.7.c
  - PCI-DSSv4-2.2.6
  - configure_strategy
  - file_owner_backup_etc_passwd
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chown 0 /etc/passwd-

Verify User Who Owns Backup passwd File

Description

Rationale

Remediation - Ansible

Remediation - Shell Script