A question

William Roberts bill.c.roberts at gmail.com
Mon Sep 24 18:58:34 UTC 2018


On Mon, Sep 24, 2018 at 11:40 AM Ed Christiansen MS <edwardc at ll.mit.edu>
wrote:

> If you expect to pass any kind of security audit, the perms on
> /etc/shadow must be 0600.  Since it contains the actual password hashes
> no one can read it except root to prevent bad puppies from getting the
> hashes so they can reverse the hash by brute force on some other host.
>

Before everyone gathers the villagers, pitchforks and torches, I made a
mistake. I crossed passwd with shadow in my response.

With that said, I was going to let it die with Frank's response, but I can
see folks will keep at it. Just let it die. It's an off-topic question
related to how Linux permissions work, not to the audit subsystem.


>
> On 9/24/2018 3:50 AM, Frank Thommen wrote:
> > All systems I know disallow reading of /etc/shadow for others or even
> > group (for good reasons).  Hence sudo would be required.
> >
> > frank
> >
> >
> > On 09/24/2018 06:35 AM, William Roberts wrote:
> >> Sorry for the HTML...
> >>
> >> This seems off topic. This is a list for questions surrounding the Linux
> >> audit subsystem.
> >>
> >> That file is usually user=root group=root mode=0644. I.e., read-only for
> >> all, writeable for user root. No sudoers entry needed for read access.
> >>
> >> On Sun, Sep 23, 2018, 21:30 khalid fahad <kfgm2001 at gmail.com> wrote:
> >>
> >>     Hi,
> >>     What is the sudoers entry created to allow localuser to cat
> >>     /etc/shadow?
> >>     Thanks
> >>
> >>     --
> >>     Linux-audit mailing list
> >>     Linux-audit at redhat.com <mailto:Linux-audit at redhat.com>
> >>     https://www.redhat.com/mailman/listinfo/linux-audit
> >>