Verify User Who Owns Backup gshadow File
To properly set the owner of /etc/gshadow-, run the command:
$ sudo chown root /etc/gshadow-
The /etc/gshadow- file is a backup of /etc/gshadow, and as such, it contains group password hashes. Protection of this file is critical for system security.
The following script can be run on the host to remediate the issue.
#!/bin/bash
chown 0 /etc/gshadow-
The following playbook can be run with Ansible to remediate the issue.
- name: Test for existence /etc/gshadow-
  stat:
    path: /etc/gshadow-
  register: file_exists
  tags:
    - NIST-800-53-AC-6 (1)
    - PCI-DSS-Req-8.7
    - configure_strategy
    - file_owner_backup_etc_gshadow
    - low_complexity
    - low_disruption
    - medium_severity
    - no_reboot_needed

- name: Ensure owner 0 on /etc/gshadow-
  file:
    path: /etc/gshadow-
    owner: '0'
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
    - NIST-800-53-AC-6 (1)
    - PCI-DSS-Req-8.7
    - configure_strategy
    - file_owner_backup_etc_gshadow
    - low_complexity
    - low_disruption
    - medium_severity
    - no_reboot_needed
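
To confirm the owner before or after either remediation, the following audit function can be used. It is an added example, not part of the original rule content; the function name check_owner, its return codes, and the choice to report a symbolic link as a failure are assumptions of this example. Like the playbook, it treats a missing /etc/gshadow- as nothing to check rather than as an error.

```shell
#!/bin/sh
# Added audit example (not from the original rule content).
# Usage: check_owner /etc/gshadow-        (expected UID defaults to 0)
# Return codes (chosen for this example): 0 = pass, 1 = fail, 2 = not applicable.
check_owner() {
    path=$1
    expected_uid=${2:-0}

    # No backup file present: same existence test the playbook performs with stat.
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "NOTAPPLICABLE: $path does not exist"
        return 2
    fi

    # Assumption of this example: a symbolic link at this path is reported as a
    # failure, so the result always describes a real file and never a link.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symbolic link"
        return 1
    fi

    # Numeric UID avoids depending on how the name "root" resolves on the host.
    actual_uid=$(stat -c '%u' "$path") || return 1

    if [ "$actual_uid" = "$expected_uid" ]; then
        echo "PASS: $path is owned by UID $actual_uid"
        return 0
    fi

    echo "FAIL: $path is owned by UID $actual_uid, expected $expected_uid"
    return 1
}
```

The numeric comparison matches the chown 0 and owner: '0' forms used in the remediations above.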