Skip to content

6.2.2 Ensure /etc/shadow password fields are not empty

Audit#

Run the following command and verify that no output is returned: 

# awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow

Remediation#

If any accounts in the /etc/shadow file do not have a password, run the following command to lock the account until it can be determined why it does not have a password: 

# passwd -l <username>

Also, check to see if the account is logged in and investigate what it is being used for to determine if it needs to be forced off.