Hello, this sounds like surprising advice to me -- after all the
/etc/passwd file is 644. I don't know what would be the point of hiding
this 'backup' file. Does the benchmark give a rationale for this?
Thanks
** Information type changed from Private Security to Public Security
** Changed in: shadow (Ubuntu)
Status: New => Incomplete
https://bugs.launchpad.net/bugs/1923262
Title:
backup /etc/passwd- file should be mode 0600
Status in shadow package in Ubuntu:
Incomplete
Bug description:
CIS hardening benchmarks (6.1.6) suggest that the /etc/passwd- file
should be mode 0600 (or more restrictive).
However, this file is 0644 after it is created when the /etc/passwd
file is modified. (I.e., a hardening script that creates a hardened
system for initial use could change this mode, but it will go out of
compliance the next time a backup file is made.)
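
A recurring audit for the drift described above, as an added example that is not part of the original report or of the shadow package. It treats "0600 or more restrictive" as a bitmask test rather than a string comparison; the function names are hypothetical and GNU coreutils `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: check that a file's mode is MAX or more restrictive.
# Assumption: GNU coreutils stat ("stat -c %a"), as on Ubuntu.

# mode_within FILE MAX_OCTAL
# Returns 0 if FILE has no permission bits set outside MAX_OCTAL,
# 1 if it is more permissive, 2 if it cannot be inspected.
mode_within() {
    file=$1
    max=$2
    mode=$(stat -c '%a' -- "$file" 2>/dev/null) || return 2
    # A leading 0 makes shell arithmetic read both values as octal.
    # Any bit left after masking is a permission beyond MAX.
    extra=$(( 0$mode & ~0$max & 07777 ))
    [ "$extra" -eq 0 ]
}

# audit_modes MAX_OCTAL FILE...
# Prints PASS/FAIL per file; returns non-zero if any file fails,
# so it can be run from cron or a configuration-management check
# to catch the backup file being recreated with a wider mode.
audit_modes() {
    max=$1
    shift
    rc=0
    for f in "$@"; do
        if mode_within "$f" "$max"; then
            echo "PASS $f"
        else
            seen=$(stat -c '%a' -- "$f" 2>/dev/null || echo unknown)
            echo "FAIL $f (mode $seen, want $max or stricter)"
            rc=1
        fi
    done
    return $rc
}

# Usage on a real system (not run here):
#   audit_modes 600 /etc/passwd-
```

Because the mode is compared bit by bit, 0400 passes a 0600 limit while 0644 and 0604 fail.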