An error occurred:

Check: GEN001420

Solaris 10 SPARC STIG: GEN001420 (in versions v2 r4 through v1 r19)

Title

The /etc/shadow (or equivalent) file must have mode 0400. (Cat II impact)

Discussion

The /etc/shadow file contains the list of local system accounts. It is vital to system security and must be protected from unauthorized modification. The file also contains password hashes which must not be accessible to users other than root.

Check Content

Check the mode of the /etc/shadow file. # ls -lL /etc/shadow If the /etc/shadow file has a mode more permissive than 0400, this is a finding.

Fix Text

Change the mode of the /etc/shadow (or equivalent) file. # chmod <mode> <file>

Additional Identifiers

Rule ID: SV-226524r854414_rule

Vulnerability ID: V-226524

Group Title: SRG-OS-000312

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002165

The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3 (4)

Discretionary Access Control