12.5 Verify User/Group Ownership on /etc/shadow

Information

The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root. If attackers can gain read access to the /etc/shadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/shadow file (such as expiration) could also be useful to subvert the user accounts.

Solution

If the ownership of the /etc/shadow file are incorrect, run the following command to correct them- # /bin/chown root-shadow /etc/shadow

See Also

https://workbench.cisecurity.org/files/85

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6), CSCv6|3.1

Plugin: Unix

Control ID: 099c131dbdafc88cfddcaa8c6ec6fe9598c6df70e8bfd3524527c96c5f474a06