UBUNTU/EtcShadowPermissions

Description

The /etc/shadow file stores the security-critical information about user accounts: the hashed password and related data such as password aging and account expiration dates.

This rule will check the owner and permissions for the /etc/shadow file.

Rationale

If attackers or regular users can gain read access to the /etc/shadow file, they can run an offline password-cracking program against the hashes without any rate limiting or lockout. Other security information stored in /etc/shadow (such as expiration dates) can also help an attacker subvert user accounts.

Change the owner and permissions to prevent unauthorized access.

  • Ensure that the root user is the owner and has read and write permission (no execute permission).

  • Ensure that the file group is root or shadow (shadow is the Ubuntu default).

  • Remove write permission from the group (read permission for the group is acceptable).

  • Remove read and write permission from others, that is, from every user who is neither the owner nor a member of the group.

Examples

Owner

Good

chown root:root /etc/shadow
chown root:shadow /etc/shadow

Dangerous

  • Any ownership other than the two shown under Good (a non-root owner, or a group other than root or shadow) could be dangerous, because it extends access to accounts that do not need it.

Permissions

Good

chmod 640 /etc/shadow
chmod u+rw-x,g+r-wx,o-rwx /etc/shadow
  • Both commands have the same result: mode 640, shown by ls -l as -rw-r-----.

  • A more restrictive mode, such as 600 (rw-------), also satisfies every requirement listed above.

Dangerous

  • Any permissions configuration that grants more than the Good section (write permission for the group, any permission for others, or execute bits) could be dangerous.
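The following script is an added example, not part of the original rule page or its checker. It audits a shadow file against the four requirements listed under Rationale, using the ownership and mode values from the Good examples above, and can apply the chown/chmod remediation. It assumes GNU stat from coreutils (as shipped on Ubuntu); the function names shadow_owner_ok, shadow_mode_ok, audit_shadow and fix_shadow are our own.

```sh
#!/bin/sh
# Added example (not part of the original rule page): audit /etc/shadow against
# the ownership and permission checklist, and optionally apply the "Good" fix.
# Assumes GNU stat (coreutils), as on Ubuntu. Function names are hypothetical.

# shadow_owner_ok OWNER GROUP: 0 if owner is root and group is root or shadow
shadow_owner_ok() {
    [ "$1" = "root" ] || return 1
    case "$2" in
        root|shadow) return 0 ;;
        *)           return 1 ;;
    esac
}

# shadow_mode_ok MODE: 0 if the octal mode is 640 (rw-r-----) or the stricter
# 600 (rw-------). Group write, any "other" access, execute bits, or
# setuid/setgid/sticky bits all fail.
shadow_mode_ok() {
    case "$1" in
        640|0640|600|0600) return 0 ;;
        *)                 return 1 ;;
    esac
}

# audit_shadow [PATH]: print one line per finding.
# Exit status: 0 = compliant, 1 = owner or mode wrong, 2 = cannot inspect file.
audit_shadow() {
    path=${1:-/etc/shadow}
    # %U owner name, %G group name, %a permission bits in octal (GNU stat)
    info=$(stat -c '%U %G %a' "$path" 2>/dev/null) || {
        echo "ERROR: cannot stat $path"
        return 2
    }
    set -- $info
    owner=$1; group=$2; mode=$3
    rc=0
    if shadow_owner_ok "$owner" "$group"; then
        echo "ok:  $path owner $owner:$group"
    else
        echo "BAD: $path owner $owner:$group (expected root:root or root:shadow)"
        rc=1
    fi
    if shadow_mode_ok "$mode"; then
        echo "ok:  $path mode $mode"
    else
        echo "BAD: $path mode $mode (expected 640 or 600)"
        rc=1
    fi
    return $rc
}

# fix_shadow [PATH]: apply the "Good" settings from the examples above.
# Must run as root.
fix_shadow() {
    path=${1:-/etc/shadow}
    chown root:shadow "$path" && chmod 640 "$path"
}

# Usage: sh shadow_audit.sh /etc/shadow          (audit only)
#        sh shadow_audit.sh /etc/shadow --fix    (audit, remediate, re-audit)
if [ $# -gt 0 ]; then
    audit_shadow "$1" || {
        if [ "$2" = "--fix" ]; then
            fix_shadow "$1" && audit_shadow "$1"
        fi
    }
fi
```

Running the audit needs no privileges, because stat only requires search permission on /etc, so it is suitable for a read-only compliance scan; the --fix path needs root. The mode check deliberately rejects setgid and sticky bits as well as execute bits, matching the u+rw-x,g+r-wx,o-rwx form of the command above rather than only the 640 digits.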