6.1.7 Ensure permissions on /etc/shadow- are configured

Information

The /etc/shadow- file is used to store backup information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.

It is critical to ensure that the /etc/shadow- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following commands to set mode, owner, and group on /etc/shadow- :

# chown root:root /etc/shadow-
# chmod 0000 /etc/shadow-

See Also

https://workbench.cisecurity.org/benchmarks/15288

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: dd0ab8c720523d2c09b851f9cf6b19119e3f270e8d0a7e1e5ff1df4ffb9da207