| # CIS 6.1.7 Ensure permissions on /etc/shadow- are configured |
| # The /etc/shadow- file is used to store backup information about user |
| # accounts that is critical to the security of those accounts, such as the |
| # hashed password and other security information. |
| # It is critical to ensure that the /etc/shadow- file is protected from |
| # unauthorized access. Although it is protected by default, the file |
| # permissions could be changed either inadvertently or through malicious actions. |
| # Run the following command and verify Uid and Gid are both 0/root and |
| # Access is 600 or more restrictive: |
| # Access: (0600/-rw-------) Uid: (0/root) Gid: (0/root) |
| # Run the following command to set permissions on /etc/shadow- : |
| # # chown root:root /etc/shadow- |
| # # chmod 600 /etc/shadow- |