7.1.4 Ensure permissions on /etc/group- are configured

Information

The /etc/group- file contains a backup list of all the valid groups defined in the system.

It is critical to ensure that the /etc/group- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to remove excess permissions, set owner, and set group on /etc/group- :

# chmod u-x,go-wx /etc/group-
# chown root:root /etc/group-

See Also

https://workbench.cisecurity.org/benchmarks/18209

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: e61c1bac1b9a80a887d001c2ae4403a9b0412963a8faad64d3836cdc900ce63a