To properly set the group owner of /etc/group, run the command:
$ sudo chgrp root /etc/group
The /etc/group file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
To properly set the group owner of /etc/gshadow, run the command:
$ sudo chgrp root /etc/gshadow
The /etc/gshadow file contains group password hashes. Protection of this file is critical for system security.
To properly set the group owner of /etc/motd, run the command:
$ sudo chgrp root /etc/motd
Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
Proper group ownership will ensure that only root user can modify the banner.
To properly set the group owner of /etc/passwd, run the command:
$ sudo chgrp root /etc/passwd
The /etc/passwd file contains information about the users that are configured on the system. Protection of this file is critical for system security.
To properly set the group owner of /etc/shadow, run the command:
$ sudo chgrp root /etc/shadow
The /etc/shadow file stores password hashes. Protection of this file is critical for system security.
To properly set the owner of /etc/group, run the command:
$ sudo chown root /etc/group
The /etc/group file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
To properly set the owner of /etc/gshadow, run the command:
$ sudo chown root /etc/gshadow
The /etc/gshadow file contains group password hashes. Protection of this file is critical for system security.
To properly set the owner of /etc/motd, run the command:
$ sudo chown root /etc/motd
Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
Proper ownership will ensure that only root user can modify the banner.
To properly set the owner of /etc/passwd, run the command:
$ sudo chown root /etc/passwd
The /etc/passwd file contains information about the users that are configured on the system. Protection of this file is critical for system security.
To properly set the owner of /etc/shadow, run the command:
$ sudo chown root /etc/shadow
The /etc/shadow file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to root provides the designated owner with access to sensitive information which could weaken the system security posture.
To properly set the permissions of /etc/group, run the command:
$ sudo chmod 0644 /etc/group
The /etc/group file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
To properly set the permissions of /etc/gshadow, run the command:
$ sudo chmod 0000 /etc/gshadow
The /etc/gshadow file contains group password hashes. Protection of this file is critical for system security.
To properly set the permissions of /etc/motd, run the command:
$ sudo chmod 0644 /etc/motd
Display of a standardized and approved use notification before granting
access to the operating system ensures privacy and security notification
verbiage used is consistent with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and guidance.
Proper permissions will ensure that only root user can modify the banner.
To properly set the permissions of /etc/passwd, run the command:
$ sudo chmod 0644 /etc/passwd
If the /etc/passwd file is writable by a group-owner or the world the risk of its compromise is increased. The file contains the list of accounts on the system and associated information, and protection of this file is critical for system security.
To properly set the permissions of /etc/shadow, run the command:
$ sudo chmod 0000 /etc/shadow
The /etc/shadow file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to root provides the designated owner with access to sensitive information which could weaken the system security posture.