Detections
Analytics
RHEL-10-400295 - RHEL 10 must enforce mode "0000" for "/etc/shadow" to prevent unauthorized access.
Information
The "/etc/shadow" file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to "root" provides the designated owner with access to sensitive information, which could weaken the system security posture.Solution
Configure RHEL 10 to enforce mode "0000" for "/etc/shadow" to prevent unauthorized access.Change the mode of the file "/etc/shadow" to "0000" by running the following command:
$ sudo chmod 0000 /etc/shadow
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-3, CAT|II, CCI|CCI-000213, Rule-ID|SV-281076r1165583_rule, STIG-ID|RHEL-10-400295, Vuln-ID|V-281076
Plugin: Unix
Control ID: e8493903961b2b44b319f271f983c6a5119b23b81546a6df8fa88c8df8e95403