Skip to content

6.1.2 Ensure permissions on /etc/passwd- are configured

Audit#

Run the following command to verify /etc/passwd- is mode 644 or more restrictive, Uid is 0/root and Gid is 0/root: 

# stat -Lc "%n %a %u/%U %g/%G" /etc/passwd-
/etc/passwd- 644 0/root 0/root

Remediation#

Run the following commands to remove excess permissions, set owner, and set group on /etc/passwd-: 

# chmod u-x,go-wx /etc/passwd-
# chown root:root /etc/passwd

Default Value:

/etc/passwd- 644 0/root 0/root