Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======6.1.5 Ensure permissions on /etc/shadow are configured (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''/etc/gshadow'' file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information. =====Rationale===== If attackers can gain read access to the ''/etc/gshadow'' file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the ''/etc/gshadow'' file (such as group administrators) could also be useful to subvert the group. =====Audit===== Run the following command and verify ''Uid'' is ''0/root'', ''Gid'' is ''0/root'', and ''Access'' is ''000'': <Code:bash> # stat /etc/gshadow Access: (0000/----------) Uid: ( 0/ root) Gid: ( 0/ root) </Code> =====Remediation===== Run the following command to set permissions on ''/etc/gshadow'': <Code:bash> # chown root:root /etc/gshadow # chmod 000 /etc/gshadow </Code> centos7/6/1/5.txt Last modified: 2017/05/04 19:57by 127.0.0.1