6.1.5 Ensure permissions on /etc/gshadow are configured

Information

If attackers can gain read access to the /etc/gshadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/gshadow file (such as group administrators) could also be useful to subvert the group.

Solution

Run the following chown to set permissions on /etc/gshadow:
# chown root:root /etc/gshadow
# chmod 000 /etc/gshadow

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6), CSCv6|3.1

Plugin: Unix

Control ID: 5894d1227a29f3de6905916178d56839cb634474f8836e7b4bbec5506433f57b