Information
The /etc/gshadow file contains information about group accounts that is critical to the security of those accounts, such as the hashed password and other security information.
Rationale:
If attackers can gain read access to the /etc/gshadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/gshadow file (such as expiration) could also be useful to subvert the group accounts.
Solution
Run the following command to remove excess permissions:
# /bin/chmod u-wx,go-rwx /etc/gshadow
Default Value:
OS Default: Yes