iCompaas Support

Profile Applicability:
Level 1

Description:
 The /etc/shells file lists valid login shells on the system. Improper permissions on this file can allow unauthorized modification, potentially enabling users to set malicious shells.

Rationale:
 Securing permissions on /etc/shells prevents unauthorized changes that could compromise user authentication and shell access.

Impact:
 Pros:

• Protects the integrity of allowed login shells.
  

• Prevents security risks from unauthorized shell changes.
  

Cons:

• Overly restrictive permissions might affect system utilities reading the file.
  

Default Value:
 Permissions on /etc/shells are typically set to allow read access by all users.

Pre-requisites:

• Root or sudo privileges to audit and modify file permissions.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check current permissions of /etc/shells:

   ls -l /etc/shells

2. Verify ownership is root:root and permissions are set to 644 or more restrictive.
   
   

Implementation Plan:

Using Linux command line:

1. Set ownership to root:

   chown root:root /etc/shells

2. Set permissions to 644:

   chmod 644 /etc/shells

3. Verify changes:

   ls -l /etc/shells

Backout Plan:

Using Linux command line:

1. Restore previous permissions and ownership from backup if necessary.
   

2. Confirm system utilities operate correctly after changes.
   
   

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• NIST SP 800-53 Revision 5 - CM-6