From 54a609d243f91049759a3154aef2d4a707829774 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Wed, 4 Jul 2012 01:31:40 -0400
Subject: [PATCH 06/11] Updated prose for perms_shadow_file
Updated perms_shadow_file to give specific guidance, added language to match that of the STIG, mapped to CCI --- rhel6/src/input/system/permissions/files.xml | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/rhel6/src/input/system/permissions/files.xml b/rhel6/src/input/system/permissions/files.xml index 1bd75b1..0c2990e 100644 --- a/rhel6/src/input/system/permissions/files.xml +++ b/rhel6/src/input/system/permissions/files.xml @@ -45,12 +45,15 @@ critical for system security.</rationale> <Rule id="perms_shadow_file"> <title>Verify permissions on <tt>shadow</tt> file</title> <description>File permissions for <tt>/etc/shadow</tt> should be set -correctly.</description> -<rationale>The /etc/shadow file stores password hashes. Protection of this file is -critical for system security.</rationale> +to 0400 or more restrictive.</description> +<rationale>The <tt>/etc/shadow</tt> file contains the list of local +system accounts and stores password hashes. Protection of this file is +critical for system security. Failure to give ownership of this file +to root provides the designated owner with access to sensitive information +which could weaken the system security posture.</rationale> <ident cce="4130-1" /> <oval id="file_permissions_etc_shadow" /> -<ref nist="AC-3, CM-6"/> +<ref nist="AC-3, CM-6" disa="225"/> </Rule> <Rule id="userowner_group_file"> -- 1.7.1
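Review bot: the sentence added to the rationale of perms_shadow_file, "Failure to give ownership of this file to root provides the designated owner with access to sensitive information", describes an ownership failure, while the rule's title and the new description ("to 0400 or more restrictive") are about the file mode. A reader checking this rule is told what goes wrong when the owner is incorrect, not what goes wrong when the mode is too permissive. Suggest rewording the added sentence around the mode bits, for example that any group or other permission bit on /etc/shadow exposes the password hashes to accounts other than the owner, and leaving the ownership wording to the rule that covers the owner of the file. Two smaller points in the same hunk: the description now names 0400 but still gives no command for checking or setting the mode, which the "specific guidance" in the commit message seems to call for, and the 0400 threshold should be confirmed against what the referenced OVAL check file_permissions_etc_shadow actually tests, since that definition is not part of this diff.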
_______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
