blob: d5b2ffd6e044fae8054e4936a5f9cb3c39f5a7d9 [file] [log] [blame]
# CIS 6.1.4 Ensure permissions on /etc/group are configured
#
# Description
# ===========
# The /etc/group file contains a list of all the valid groups defined in the
# system. The command below allows read/write access for root and read access
# for everyone else.
#
# Rationale
# =========
# The /etc/group file needs to be protected from unauthorized changes by
# non-privileged users, but needs to be readable as this information is used
# with many non-privileged programs.
#
# Audit
# =====
# Run the following command and verify Uid and Gid are both 0/root and
# Access is 644 :
#
# # stat /etc/group
# Access: (0644/-rw-r--r--) Uid: (0/root) Gid: (0/root)
#
# Remediation
# ===========
# Run the following command to set permissions on /etc/group :
#
# # chown root:root /etc/group
# # chmod 644 /etc/group
#
parameters:
linux:
system:
file:
/etc/group:
user: 'root'
group: 'root'
mode: '0644'