| # CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured |
| # |
| # Description |
| # =========== |
| # The /etc/gshadow- file is used to store backup information about groups |
| # that is critical to the security of those accounts, such as the hashed |
| # password and other security information. |
| # |
| # Rationale |
| # ========= |
| # It is critical to ensure that the /etc/gshadow- file is protected from |
| # unauthorized access. Although it is protected by default, the file |
| # permissions could be changed either inadvertently or through malicious actions. |
| # |
| # Audit |
| # ===== |
| # Run the following command and verify Uid and Gid are both 0/root and |
| # Access is 600 or more restrictive: |
| # |
| # # stat /etc/gshadow- |
| # Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root) |
| # |
| # Remediation |
| # =========== |
| # Run the following command to set permissions on /etc/gshadow- : |
| # |
| # # chown root:root /etc/gshadow- |
| # # chmod 600 /etc/gshadow- |
| # |
| parameters: |
| linux: |
| system: |
| file: |
| /etc/gshadow-: |
| user: 'root' |
| group: 'root' |
| mode: '0600' |
| |