9.2.3 Verify No Legacy '+' Entries Exist in /etc/shadow File - + Entries Exist in /etc/shadow File

Information

The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on RHEL5 systems, but may exist in files that have been imported from other platforms.

Rationale:

These entries may provide an avenue for attackers to gain privileged access on the system.

Solution

Remove any legacyOS Default: Yes '+' entries from /etc/shadow if they exist.

Default Value:

OS Default: Yes

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2(3), 800-53|IA-2, CSCv7|16.2, CSCv7|16.9

Plugin: Unix

Control ID: 8586bd9f10d2b1425c4752c53ddbd4b95b49260fda851045209e1be15d3b5c55