6.1.6 Ensure permissions on /etc/shadow- are configured
Audit#
Run the following command to verify /etc/shadow- is mode 640 or more restrictive, Uid is 0/root and Gid is 0/root:
Example:
Remediation#
Run one of the following commands to set ownership of /etc/shadow- to root and group to either root or shadow:
-OR-
Run the following command to remove excess permissions form /etc/shadow-:
Default Value:
/etc/shadow- 640 0/root 42/shadow