6.1.6 Ensure permissions on /etc/passwd- are configured

Information

The /etc/passwd- file contains backup user account information.

Rationale:

It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following command to set permissions on /etc/passwd- :

# chown root:root /etc/passwd-

# chmod u-x,go-rwx /etc/passwd-

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(1), CSCv7|16.4

Plugin: Unix

Control ID: 3e3463809cd11d039381d68d2100ac2f9e767dfbdbdd76da586aee260b923ad8