The /etc/shadow file is used to store the information about user accounts that is critical to the security of those accounts, such as the hashed password and other security information.
This rule will check the owner and permissions for the /etc/shadow file.
If attackers or regular users can gain read access to the /etc/shadow file, they can easily run a password cracking program against the hashed password to break it. Other security information that is stored in the /etc/shadow file (such as expiration) could also be useful to subvert the user accounts.
Change the owner and permissions to prevent unauthorized access.
Ensure that the root user is the owner and has read and write permission.
Ensure that the file group is
Remove write permission from users associated with the group.
Remove read and write permission from all other users (those that are neither the owner nor in the file's group).
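The following audit script is an added example (not part of the original rule text) that checks the conditions above: root ownership, owner read/write, no group write, and no read or write for others. It assumes Linux with GNU coreutils `stat`; because the required group differs by distribution and is not named above, the expected group is an optional parameter rather than a fixed value.

```shell
#!/bin/sh
# Audit the owner, group and mode bits of a shadow-style file.
# Usage: check_shadow_perms [FILE] [EXPECTED_OWNER] [EXPECTED_GROUP]
#   FILE            defaults to /etc/shadow
#   EXPECTED_OWNER  defaults to root
#   EXPECTED_GROUP  optional (assumption: distribution-specific, so not fixed here)
# Prints one line per finding; returns 0 when compliant, 1 when not,
# 2 when the file does not exist.
check_shadow_perms() {
    file="${1:-/etc/shadow}"
    want_owner="${2:-root}"
    want_group="${3:-}"
    rc=0

    [ -e "$file" ] || { echo "$file: does not exist"; return 2; }

    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")      # e.g. 640, 0 for ---------, 4640 with setuid
    mode=$(printf '%03d' "$mode")     # zero-pad so a mode of 0 becomes 000
    mode=${mode#"${mode%???}"}        # keep only the last three octal digits

    # Split the octal mode into its user, group and other digits.
    u=${mode%??}
    go=${mode#?}
    g=${go%?}
    o=${go#?}

    [ "$owner" = "$want_owner" ] \
        || { echo "$file: owner is $owner, expected $want_owner"; rc=1; }
    if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
        echo "$file: group is $group, expected $want_group"; rc=1
    fi
    # Owner must keep both read (4) and write (2).
    [ $(( u & 6 )) -eq 6 ] \
        || { echo "$file: owner lacks read/write (mode $mode)"; rc=1; }
    # Group must not have write (2).
    [ $(( g & 2 )) -eq 0 ] \
        || { echo "$file: group has write permission (mode $mode)"; rc=1; }
    # Others must have neither read (4) nor write (2).
    [ $(( o & 6 )) -eq 0 ] \
        || { echo "$file: others have read/write permission (mode $mode)"; rc=1; }

    [ "$rc" -eq 0 ] && echo "$file: OK ($owner:$group $mode)"
    return "$rc"
}

# Check /etc/shadow (or the file and expectations passed as arguments).
check_shadow_perms "$@"
```

A non-zero exit status from the script marks the file as non-compliant, so it can be dropped into a cron job or configuration-management check; remediation is then `chown root /etc/shadow` plus `chmod g-w,o-rw /etc/shadow` with the group set to the value your distribution expects.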