Verify Permissions on Backup passwd File
An XCCDF Rule
Description
To properly set the permissions of /etc/passwd-
, run the command:
$ sudo chmod 0644 /etc/passwd-
Rationale
The /etc/passwd-
file is a backup file of /etc/passwd
, and as such,
it contains information about the users that are configured on the system.
Protection of this file is critical for system security.
- ID
- xccdf_org.ssgproject.content_rule_file_permissions_backup_etc_passwd
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Test for existence /etc/passwd-
stat:
path: /etc/passwd-
register: file_exists
tags:
- CCE-83940-7
Remediation - Shell Script
chmod u-xs,g-xws,o-xwt /etc/passwd-