Verify Group Who Owns shadow File
An XCCDF Rule
Description
To properly set the group owner of /etc/shadow
, run the command:
$ sudo chgrp root /etc/shadow
Rationale
The /etc/shadow
file stores password hashes. Protection of this file is
critical for system security.
- ID
- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
chgrp 0 /etc/shadow
Remediation - Ansible
- name: Test for existence /etc/shadow
stat:
path: /etc/shadow
register: file_exists
tags:
- CCE-83930-8