| # CIS 6.1.3 Ensure permissions on /etc/shadow are configured |
| # The /etc/shadow file is used to store the information about user accounts |
| # that is critical to the security of those accounts, such as the hashed |
| # password and other security information. |
| # If attackers can gain read access to the /etc/shadow file, they can easily |
| # run a password cracking program against the hashed password to break it. |
| # Other security information that is stored in the /etc/shadow file (such |
| # as expiration) could also be useful to subvert the user accounts. |
| # Run the following command and verify Uid is 0/root , Gid is <gid>/shadow , |
| # and Access is 640 or more restrictive: |
| # Access: (0640/-rw-r-----) Uid: (0/root) Gid: (42/shadow) |
| # Run the one following commands to set permissions on /etc/shadow : |
| # # chown root:shadow /etc/shadow |
| # # chmod o-rwx,g-wx /etc/shadow |