Course Hero Logo

Xhtmlcode classcodeblock chown rootroot etcgroup br

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 292 - 294 out of 311 pages.

<xhtml:code class="code_block"># chown root:root /etc/group-<br/># chmod u-x,go-wx /etc/group-</xhtml:code><xhtml:p/></xhtml:p></xhtml:div></xccdf:fixtext><xccdf:complex-check operator="AND"><check system=""><check-content-ref href="CIS_CentOS_Linux_8_Benchmark_v1.0.0.1-oval.xml" name="oval:org.cisecurity.benchmarks.centos_centos_8:def:698604"/></check></xccdf:complex-check></xccdf:Rule><xccdf:Ruleid="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured" role="full" selected="false" weight="1.0"><xccdf:title xml:lang="en">Ensure permissions on /etc/gshadow- areconfigured</xccdf:title><xccdf:description xml:lang="en"><xhtml:p>The<xhtml:span class="inline_block">/etc/gshadow-</xhtml:span>file is used to store backup information about groups that is critical to thesecurity of those accounts, such as the hashed password and other securityinformation.</xhtml:p></xccdf:description><xccdf:rationale xml:lang="en"><xhtml:p>It is critical to ensure that the<xhtml:spanclass="inline_block">/etc/gshadow-</xhtml:span>file is protected from unauthorized access. Although it is protected by default,the file permissions could be changed either inadvertently or through maliciousactions.</xhtml:p></xccdf:rationale><xccdf:ident cc7:controlURI="-cc/v7.0/control/16/subcontrol/4" system=""/><xccdf:fixtext xml:lang="en"><xhtml:div><xhtml:p><xhtml:p>Run one of the following chown commands as appropriate and the chmod to setpermissions on<xhtml:span class="inline_block">/etc/gshadow-</xhtml:span>:</xhtml:p><xhtml:code class="code_block"># chown root:root /etc/gshadow-<br/># chown root:shadow /etc/gshadow-<br/><br/># chmod o-rwx,g-rw /etc/gshadow-</xhtml:code><xhtml:p/></xhtml:p></xhtml:div></xccdf:fixtext><xccdf:complex-check operator="AND"><check system=""><check-content-ref href="CIS_CentOS_Linux_8_Benchmark_v1.0.0.1-oval.xml" name="oval:org.cisecurity.benchmarks.centos_centos_8:def:698610"/>
</check></xccdf:complex-check></xccdf:Rule><xccdf:Ruleid="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist" role="full" selected="false" weight="1.0"><xccdf:title xml:lang="en">Ensure no world writable filesexist</xccdf:title><xccdf:description xml:lang="en"><xhtml:p>Unix-based systems support variable settings to control access to files. Worldwritable files are the least secure. See the<xhtml:spanclass="inline_block">chmod(2)</xhtml:span>man page for more information.</xhtml:p></xccdf:description><xccdf:rationale xml:lang="en"><xhtml:p>Data in world-writable files can be modified and compromised byany user on the system. World writable files may also indicate an incorrectlywritten script or program that could potentially be the cause of a largercompromise to the system's integrity.</xhtml:p></xccdf:rationale><xccdf:ident cc7:controlURI=""system=""/><xccdf:ident cc7:controlURI="-cc/v7.0/control/5/subcontrol/1" system=""/><xccdf:fixtext xml:lang="en"><xhtml:div><xhtml:p><xhtml:p>Removing write access for the "other" category (<xhtml:spanclass="inline_block">chmod o-w &lt;filename&gt;</xhtml:span>) is advisable, but always consult relevant vendor documentation to avoid breakingany application dependencies on a given file.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 311 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Fall
Professor
dr.ibeziako
Tags
Commonwealth of Independent States, select idref, platform idref

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture