6.1.10 Ensure permissions on /etc/shells are configured

Information

/etc/shells is a text file which contains the full pathnames of valid login shells. This file is consulted by chsh and available to be queried by other programs.

It is critical to ensure that the /etc/shells file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to remove excess permissions, set owner, and set group on /etc/shells :

# chmod u-x,go-wx /etc/shells
# chown root:root /etc/shells

See Also

https://workbench.cisecurity.org/benchmarks/15287

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: d007ddc59683dc423f46a4e3edd8d4b87de760099f5a85ad3618069e3bb5e0f7