6.1.5 Ensure permissions on /etc/shadow are configured (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The /etc/gshadow
file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information.
Rationale
If attackers can gain read access to the /etc/gshadow
file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/gshadow
file (such as group administrators) could also be useful to subvert the group.
Audit
Run the following command and verify Uid
is 0/root
, Gid
is <gid>/shadow
, and Access
is 640
or more restrictive:
# stat /etc/gshadow Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 42/ shadow)
Remediation
Run the following command to set permissions on /etc/gshadow
:
# chown root:shadow /etc/gshadow # chmod o-rwx,g-wx /etc/gshadow