Ensure permissions on /etc/passwd are configured

Information

It is critical to ensure that the /etc/passwd file is protected from unauthorized write access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.

Solution

Run the following command to set permissions on /etc/passwd:
# chown root:root /etc/passwd
# chmod 644 /etc/passwd

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6), CSCv6|16.14

Plugin: Unix

Control ID: eaa9ebbeb91b8b97e7ab5e560cc02004c47016ae3f72f32a57acc31f1a9f66d9