6.1.7 Ensure permissions on /etc/gshadow are configured

Information

The /etc/gshadow file is used to store the information about groups that is critical to the security of those accounts, such as the hashed password and other security information.

If attackers can gain read access to the /etc/gshadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/gshadow file (such as group administrators) could also be useful to subvert the group.

Solution

Run one of the following commands to set ownership of /etc/gshadow to root and group to either root or shadow :

# chown root:shadow /etc/gshadow
-OR-
# chown root:root /etc/gshadow

Run the following command to remove excess permissions form /etc/gshadow :

# chmod u-x,g-wx,o-rwx /etc/gshadow

See Also

https://workbench.cisecurity.org/benchmarks/13007

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: d8e17fb8a6e774af636c2ab7300f38ab45876a6b4b7dc447e362c788f51ffed2