Profile Applicability:
Level 1
Description:
The /etc/gshadow- file is a backup of the /etc/gshadow file, which contains secure group account information. Improper permissions on this backup file can expose sensitive group password hashes to unauthorized users.
Rationale:
Securing permissions on /etc/gshadow- protects sensitive group credentials and reduces the risk of unauthorized access or privilege escalation.
Impact:
Pros:
Prevents exposure of sensitive group password information.
Supports overall system security and integrity.
Cons:
Overly restrictive permissions might affect system backup and restore processes.
Default Value:
Permissions may vary by distribution, but should be restrictive.
Pre-requisites:
Root or sudo privileges to audit and modify file permissions.
Remediation:
Test Plan:
Using Linux command line:
Check current permissions of /etc/gshadow-:
ls -l /etc/gshadow-
Verify ownership is root:root and permissions are set to 600 or more restrictive.
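The check above done by script instead of by reading ls -l output, including the "or more restrictive" case. This is an added example, not part of the benchmark text. It assumes GNU stat (coreutils); the function names mode_within and audit_file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the benchmark): scripted form of the manual check.
# Assumes GNU stat (coreutils), as shipped on Amazon Linux 2.

# mode_within MODE MAX: true when octal MODE sets no bit that octal MAX lacks,
# i.e. MODE is "MAX or more restrictive" (400 and 000 pass against 600).
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# audit_file FILE [UID] [GID] [MAX]: 0 = compliant, 1 = finding, 2 = missing.
# UID/GID default to 0 (root) and MAX to 600, matching the test plan above.
audit_file() {
    af_file=$1 af_uid=${2:-0} af_gid=${3:-0} af_max=${4:-600} af_rc=0
    if [ ! -e "$af_file" ]; then
        echo "MISSING $af_file"
        return 2
    fi
    # Numeric ids avoid a false pass from a renamed or duplicate "root" entry.
    set -- $(stat -c '%a %u %g' "$af_file")
    if ! mode_within "$1" "$af_max"; then
        echo "FAIL $af_file mode $1 is broader than $af_max"
        af_rc=1
    fi
    if [ "$2" != "$af_uid" ] || [ "$3" != "$af_gid" ]; then
        echo "FAIL $af_file owner $2:$3, expected $af_uid:$af_gid"
        af_rc=1
    fi
    [ "$af_rc" -eq 0 ] && echo "PASS $af_file mode $1 owner $2:$3"
    return "$af_rc"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_file /etc/gshadow-
fi
```

Run it as root with the --audit argument; a non-zero exit status marks a finding and can gate a compliance job.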
Implementation Plan:
Using Linux command line:
Set owner and group to root:
chown root:root /etc/gshadow-
Set permissions to 600:
chmod 600 /etc/gshadow-
Verify changes:
ls -l /etc/gshadow-
Backout Plan:
Using Linux command line:
Restore previous permissions and ownership from backup if necessary.
Confirm system utilities operate correctly after changes.
References:
CIS Amazon Linux 2 Benchmark v3.0.0