Skip to content

Verify Permissions on Backup passwd File

An XCCDF Rule

Description

To properly set the permissions of /etc/passwd-, run the command:

$ sudo chmod 0644 /etc/passwd-

Rationale

The /etc/passwd- file is a backup file of /etc/passwd, and as such, it contains information about the users that are configured on the system. Protection of this file is critical for system security.

ID
xccdf_org.ssgproject.content_rule_file_permissions_backup_etc_passwd
Severity
Medium
References
Updated



Remediation - Ansible

- name: Test for existence /etc/passwd-
  stat:
    path: /etc/passwd-
  register: file_exists
  tags:
  - CCE-83940-7

Remediation - Shell Script






chmod u-xs,g-xws,o-xwt /etc/passwd-