linux-baseline icon indicating copy to clipboard operation
linux-baseline copied to clipboard
verified publisher icon dev-sec

Add file system checks for other shadow and passwd/group files

Open cmhe opened this issue 4 years ago • 1 comments

Is your feature request related to a problem? Please describe. We currently have os-02 and os-03 which checks the permissions of /etc/shadow and /etc/passwd.

There are other files related to those, which are currently ignored:

  • /etc/shadow- (backup for /etc/shadow
  • /etc/gshadow (might contain group password hashes)
  • /etc/gshadow- (backup for /etc/gshadow)
  • /etc/passwd- (backup for /etc/passwd)
  • /etc/group (contains available groups and memberships)
  • /etc/group- (backup for /etc/group)

Describe the solution you'd like Add checks for those files as well

cmhe avatar Oct 25 '21 07:10 cmhe

Great idea @cmhe Happy to accept PRs to improve the controls

chris-rock avatar Oct 25 '21 07:10 chris-rock