GEN000000-LNX001476 - The /etc/gshadow file must not contain any group password hashes.

Details

Group passwords are typically shared and should not be used.


Solution

Edit /etc/gshadow and change the password field to an exclamation point (!) to lock the group password.


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.


References


Source