<xhtml:code class="code_block"># chown root:root /etc/group-<br/># chmod u-x,go-wx /etc/group-</xhtml:code><xhtml:p/></xhtml:p></xhtml:div></xccdf:fixtext><xccdf:complex-check operator="AND"><check system=""><check-content-ref href="CIS_CentOS_Linux_8_Benchmark_v1.0.0.1-oval.xml" name="oval:org.cisecurity.benchmarks.centos_centos_8:def:698604"/></check></xccdf:complex-check></xccdf:Rule><xccdf:Rule id="xccdf_org.cisecurity.benchmarks_rule_6.1.9_Ensure_permissions_on_etcgshadow-_are_configured" role="full" selected="false" weight="1.0"><xccdf:title xml:lang="en">Ensure permissions on /etc/gshadow- are configured</xccdf:title><xccdf:description xml:lang="en"><xhtml:p>The <xhtml:span class="inline_block">/etc/gshadow-</xhtml:span> file is used to store backup information about groups that is critical to the security of those accounts, such as the hashed password and other security information.</xhtml:p></xccdf:description><xccdf:rationale xml:lang="en"><xhtml:p>It is critical to ensure that the <xhtml:span class="inline_block">/etc/gshadow-</xhtml:span> file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.</xhtml:p></xccdf:rationale><xccdf:ident cc7:controlURI="-cc/v7.0/control/16/subcontrol/4" system=""/><xccdf:fixtext xml:lang="en"><xhtml:div><xhtml:p><xhtml:p>Run one of the following chown commands as appropriate and the chmod to set permissions on <xhtml:span class="inline_block">/etc/gshadow-</xhtml:span>:</xhtml:p><xhtml:code class="code_block"># chown root:root /etc/gshadow-<br/># chown root:shadow /etc/gshadow-<br/><br/># chmod o-rwx,g-rw /etc/gshadow-</xhtml:code><xhtml:p/></xhtml:p></xhtml:div></xccdf:fixtext><xccdf:complex-check operator="AND"><check system=""><check-content-ref href="CIS_CentOS_Linux_8_Benchmark_v1.0.0.1-oval.xml" name="oval:org.cisecurity.benchmarks.centos_centos_8:def:698610"/>
</check></xccdf:complex-check></xccdf:Rule><xccdf:Rule id="xccdf_org.cisecurity.benchmarks_rule_6.1.10_Ensure_no_world_writable_files_exist" role="full" selected="false" weight="1.0"><xccdf:title xml:lang="en">Ensure no world writable files exist</xccdf:title><xccdf:description xml:lang="en"><xhtml:p>Unix-based systems support variable settings to control access to files. World writable files are the least secure. See the <xhtml:span class="inline_block">chmod(2)</xhtml:span> man page for more information.</xhtml:p></xccdf:description><xccdf:rationale xml:lang="en"><xhtml:p>Data in world-writable files can be modified and compromised by any user on the system. World writable files may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system's integrity.</xhtml:p></xccdf:rationale><xccdf:ident cc7:controlURI="" system=""/><xccdf:ident cc7:controlURI="-cc/v7.0/control/5/subcontrol/1" system=""/><xccdf:fixtext xml:lang="en"><xhtml:div><xhtml:p><xhtml:p>Removing write access for the "other" category (<xhtml:span class="inline_block">chmod o-w &lt;filename&gt;</xhtml:span>) is advisable, but always consult relevant vendor documentation to avoid breaking any application dependencies on a given file.