Table of Contents

6.1.3 Ensure permissions on /etc/shadow are configured (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation 

Description

The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.

Rationale

If attackers can gain read access to the /etc/shadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/shadow file (such as expiration) could also be useful to subvert the user accounts.

Audit

Run the following command and verify Uid is 0/root, Gid is 0/root, and Access is 000:

# stat /etc/shadow 
Access: (0000/----------) Uid: ( 0/ root) Gid: ( 0/ root)

Remediation

Run the following command to set permissions on /etc/shadow:

# chown root:rootw /etc/shadow 
# chmod 000 /etc/shadow