Profile Applicability:
 Level 1

Description:
 The /etc/gshadow file contains secure group account information, including encrypted group passwords. Improper permissions on this file can expose sensitive data to unauthorized users, increasing the risk of privilege escalation and unauthorized access.

Rationale:
 Setting strict permissions on /etc/gshadow ensures that only privileged users (typically root) can access sensitive group password information, thereby maintaining system security.

Impact:
 Pros:

  • Protects group password hashes from unauthorized access.

  • Helps enforce group-based authentication security policies.

 Cons:

  • Overly restrictive permissions might cause issues with system utilities if they require access (rare).

Default Value:
 Most Linux distributions set secure default permissions on /etc/gshadow, but this should be verified.

Pre-requisites:

  • Root or sudo privileges to audit and modify file permissions.

Remediation:

Test Plan:

Using Linux command line:

  1. Check current permissions and ownership of /etc/gshadow:

    ls -l /etc/gshadow
  2. Confirm the file is owned by root and permissions are set to 600 or more restrictive.
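
The audit above can also be scripted so that "600 or more restrictive" is checked as a bitmask instead of read by eye from ls output. This is an added example, not part of the original benchmark text; the function name and its optional FILE, OWNER and GROUP arguments are assumptions of the example, and it relies on GNU coreutils stat.

```shell
#!/bin/sh
# Added example (not part of the benchmark text): scripted form of the audit.
# Usage: check_gshadow_perms [FILE] [OWNER] [GROUP]
# The FILE/OWNER/GROUP arguments are assumptions of this example so the check
# can be tried on a scratch file; the defaults are the values from the page.
check_gshadow_perms() {
    file=${1:-/etc/gshadow}
    want_owner=${2:-root}
    want_group=${3:-root}
    rc=0

    if [ ! -e "$file" ]; then
        echo "FAIL: $file does not exist"
        return 2
    fi

    # GNU coreutils stat: %U = owner name, %G = group name, %a = octal mode
    info=$(stat -c '%U %G %a' "$file") || return 2
    set -- $info
    owner=$1 group=$2 mode=$3

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: $file is owned by $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi

    # "600 or more restrictive" means no bit outside 0600 may be set
    # (no group/other access, no owner execute, no setuid/setgid/sticky).
    extra=$(( 0$mode & ~0600 & 07777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'FAIL: %s has mode %s; bits outside 0600 are set (%o)\n' "$file" "$mode" "$extra"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "PASS: $file is $owner:$group mode $mode"
    return "$rc"
}
```

Called with no arguments, the function audits /etc/gshadow against root:root and returns 0 on pass, 1 on a finding and 2 if the file cannot be examined.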

Implementation Plan:

Using Linux command line:

  1. Set ownership to root:

    chown root:root /etc/gshadow
  2. Set permissions to 600:

    chmod 600 /etc/gshadow
  3. Verify changes:

    ls -l /etc/gshadow

Backout Plan:

Using Linux command line:

  1. Restore previous permissions and ownership from backups if needed.

  2. Test system utilities for proper functioning.
