GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400.

Details

The /etc/gshadow file is critical to system security and must be protected from unauthorized modification. The /etc/gshadow file contains a list of system groups and hashes for group passwords.


Solution

Change the mode of the /etc/gshadow file to 0400 or less permissive.
# chmod 0400 /etc/gshadow


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.


References


Source