Check: GEN001420
Solaris 10 X86 STIG:
GEN001420
(in versions v2 r4 through v1 r17)
Title
The /etc/shadow (or equivalent) file must have mode 0400. (Cat II impact)
Discussion
The /etc/shadow file contains the list of local system accounts. It is vital to system security and must be protected from unauthorized modification. The file also contains password hashes which must not be accessible to users other than root.
Check Content
Check the mode of the /etc/shadow file. # ls -lL /etc/shadow If the /etc/shadow file has a mode more permissive than 0400, this is a finding.
Fix Text
Change the mode of the /etc/shadow (or equivalent) file. # chmod <mode> <file>
Additional Identifiers
Rule ID: SV-227650r854479_rule
Vulnerability ID: V-227650
Group Title: SRG-OS-000312
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002165 |
The information system enforces organization-defined discretionary access control policies over defined subjects and objects. |
Controls
Number | Title |
---|---|
AC-3 (4) |
Discretionary Access Control |