6.1.3 Ensure permissions on /etc/shadow are configured

Information

If attackers can gain read access to the /etc/shadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/shadow file (such as expiration) could also be useful to subvert the user accounts.

Solution

Run the following commands to set permissions on /etc/shadow:
# chown root:root /etc/shadow
# chmod 000 /etc/shadow

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6), CSCv6|3.1

Plugin: Unix

Control ID: 6bf12e0e65e2863b6cb3c19798d9e7428cb846f7034eeea8038b799e85cb02da