Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======6.1.7 Ensure permissions on /etc/shadow- are configured (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''/etc/shadow-'' file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information. =====Rationale===== It is critical to ensure that the ''/etc/shadow-'' file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions. =====Audit===== Run the following command and verify ''Uid'' and ''Gid'' are both ''0/root'' and ''Access'' is ''600'': <Code:bash> # stat /etc/shadow- Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root) </Code> =====Remediation===== Run the following command to set permissions on ''/etc/shadow-'': <Code:bash> # chown root:root /etc/shadow- # chmod 600 /etc/shadow- </Code> centos7/6/1/7.txt Last modified: 2017/05/04 19:58by 127.0.0.1