GEN001380 - The /etc/passwd file must have mode 0644 or less permissive.

Information

If the password file is writable by a group owner or the world, the risk of password file compromise is increased. The password file contains the list of accounts on the system and associated information.

Solution

Change the mode of the passwd file to 0644.

Procedure:
# chmod 0644 /etc/passwd

Document all changes.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4), CAT|II, CCI|CCI-002165, Rule-ID|SV-227642r854477_rule, STIG-ID|GEN001380, STIG-Legacy|SV-798, STIG-Legacy|V-798, Vuln-ID|V-227642

Plugin: Unix

Control ID: 3d31a2af40b64076148de3b0f6dc6d4f0ff8fb612e3bd917f0b45048e5a0e9df