Permissions and Limits
You can file an issue about it and ask that it be added.
Traditional Unix security relies heavily on file and directory permissions to prevent unauthorized users from reading or modifying files to which they should not have access.
Permissions for many files on a system must be set restrictively to ensure sensitive information is properly protected. This section discusses important permission restrictions which can be verified to ensure that no harmful discrepancies have arisen.
The default restrictive permissions for files which act as important security databases such as passwd, shadow, group, and gshadow files must be maintained.
# C2S/CIS: CCE-26949-8 (Medium) and CCE-26887-0 (Medium),
# CCE-27138-7 (Medium), CCE-26639-5 (Medium)
chmod 0644 /etc/passwd
chown root /etc/passwd
chgrp root /etc/passwd
# C2S/CIS: CCE-26933-2 (Medium), CCE-27037-1 (Medium)
chown root /etc/group
chgrp root /etc/group
# C2S/CIS: CCE-27100-7 (Medium), CCE-26795-5 (Medium),
# CCE-27125-4 (Medium)
chmod 0640 /etc/shadow
chown root /etc/shadow
chgrp root /etc/shadow
# C2S/CIS: CCE-27162-7 (Medium), CCE-27161-9 (Medium),
# CCE-26840-9 (Medium)
chmod 0000 /etc/gshadow
chown root /etc/gshadow
chgrp root /etc/gshadow
C2S/CIS: CCE-26949-8 (Medium); CCE-26887-0 (Medium); CCE-27138-7 (Medium); CCE-26639-5 (Medium); CCE-26933-2; CCE-27037-1 (Medium); CCE-27100-7 (Medium); CCE-26795-5 (Medium); CCE-27125-4 (Medium); CCE-27162-7 (Medium); CCE-27161-9 (Medium); CCE-26840-9 (Medium)
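The verification this section calls for, as an added example that is not part of the original guide: a read-only audit that compares each file against the modes and root ownership set by the commands above. The function names, the optional root-prefix argument and the choice to treat each mode as an upper bound (so a stricter mode also passes) are assumptions of this example, which relies on GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the guide): read-only audit of the account databases.
# Expected values mirror the chmod/chown/chgrp commands above; uid/gid 0 = root.
# Assumes GNU coreutils stat (-c). Function names are this example's own.

# check_perm FILE MAX_MODE UID GID
# Returns 0 if FILE is owned by UID:GID and sets no permission bit outside
# MAX_MODE, else prints a finding and returns 1. MAX_MODE "-" skips the mode
# test (the page sets no mode for /etc/group).
check_perm() {
    file=$1 max=$2 want_uid=$3 want_gid=$4
    if ! info=$(stat -c '%a %u %g' "$file" 2>/dev/null); then
        echo "FAIL $file: cannot stat"
        return 1
    fi
    set -- $info
    mode=$1 uid=$2 gid=$3 rc=0
    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL $file: owner $uid:$gid, expected $want_uid:$want_gid"
        rc=1
    fi
    # A leading 0 makes the value octal; any bit outside MAX_MODE is a finding.
    if [ "$max" != "-" ] && [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "FAIL $file: mode $mode is broader than $max"
        rc=1
    fi
    return $rc
}

# audit_account_dbs [ROOT]: check the four files under ROOT (default: the
# running system). Returns the number of non-compliant files.
audit_account_dbs() {
    root=${1:-} bad=0
    check_perm "$root/etc/passwd"  0644 0 0 || bad=$((bad + 1))
    check_perm "$root/etc/group"   -    0 0 || bad=$((bad + 1))
    check_perm "$root/etc/shadow"  0640 0 0 || bad=$((bad + 1))
    check_perm "$root/etc/gshadow" 0000 0 0 || bad=$((bad + 1))
    return $bad
}

# Audit only on request, so the file can also be sourced for its functions.
case "${1:-}" in --audit) audit_account_dbs "${2:-}" ;; esac
```

Invoke the script with `--audit` to check the running system; a second argument names an offline root, such as a mounted image, to audit instead.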
# C2S/CIS: CCE-80153-0 (unknown)
The Practical Linux Hardening Guide provides a high-level overview of hardening GNU/Linux systems. It is not an official standard or handbook, but it touches on and uses industry standards.