Profile Applicability:
Level 1
Description:
The /etc/passwd file contains essential user account information. While this file does not store password hashes (which reside in /etc/shadow), improper permissions on /etc/passwd can allow unauthorized users to read sensitive system information.
Rationale:
Setting secure permissions on /etc/passwd helps prevent unauthorized access to user account information and supports overall system security.
Impact:
Pros:
Protects user account information from unauthorized reading or modification.
Helps maintain system integrity and user privacy.
Cons:
Permissions must allow read access for normal system operation by all users.
Default Value:
Typically, /etc/passwd permissions are set to 644 with ownership by root:root.
Pre-requisites:
Root or sudo privileges to audit and modify file permissions.
Remediation:
Test Plan:
Using Linux command line:
Check current permissions of /etc/passwd:
ls -l /etc/passwdVerify ownership is root:root and permissions are set to 644.
Implementation Plan:
Using Linux command line:
Set ownership to root:
chown root:root /etc/passwd
Set permissions to 644:
chmod 644 /etc/passwd
Verify changes:
ls -l /etc/passwd
Backout Plan:
Using Linux command line:
Restore previous permissions and ownership from backup if necessary.
Confirm system utilities operate correctly after changes.
References:
CIS Amazon Linux 2 Benchmark v3.0.0