From: Kenneth Stailey kstailey.lists@gmail.com
By using mode 0 for the /etc/gshadow file we avoid switching to a less restrictive protection mode and keep the file permissions from deviating from the permissions recorded in the RPM database.
Signed-off-by: Kenneth Stailey kstailey.lists@gmail.com
---
 .../input/checks/file_permissions_etc_gshadow.xml | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL6/input/checks/file_permissions_etc_gshadow.xml b/RHEL6/input/checks/file_permissions_etc_gshadow.xml
index d86a582..674f7bc 100644
--- a/RHEL6/input/checks/file_permissions_etc_gshadow.xml
+++ b/RHEL6/input/checks/file_permissions_etc_gshadow.xml
@@ -19,9 +19,9 @@
 <unix:object object_ref="obj_20038" />
 <unix:state state_ref="state_1000400" />
 </unix:file_test>
- <unix:file_state id="state_1000400"
+ <unix:file_state id="state_1000000"
 version="1">
- <unix:uread datatype="boolean">true</unix:uread>
+ <unix:uread datatype="boolean">false</unix:uread>
 <unix:uwrite datatype="boolean">false</unix:uwrite>
 <unix:uexec datatype="boolean">false</unix:uexec>
 <unix:gread datatype="boolean">false</unix:gread>
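Review bot: The state is renamed to `id="state_1000000"`, but the unchanged context line `<unix:state state_ref="state_1000400" />` in the `unix:file_test` just above still points at the old id. Unless a `state_1000400` is defined elsewhere, the reference no longer resolves and the /etc/gshadow permission check cannot evaluate as intended, so a mis-permissioned file could go unreported. The same commit should change that line to `<unix:state state_ref="state_1000000" />`, or keep the old id on the state. If `state_1000000` is a shared id also defined by other check files (not visible here), confirm the combined OVAL content does not end up with conflicting definitions of it. The `unix:file_state` element continues past the end of the hunk, so the remaining permission bits were not reviewed.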