Commands under this section need to be run as root or with sudo
Section Content:
Ensure the following line exists within the file /etc/libuser.conf under the [import] section.
login_defs = /etc/login.defs
Ensure no lines in the [userdefaults] section begin with the following text, as these words override
settings from /etc/login.defs:
• LU_SHADOWMAX
• LU_SHADOWMIN
• LU_SHADOWWARNING
Ensure the following command produces no output. Any accounts listed by running this command should
be locked.
grep "^+:" /etc/passwd /etc/shadow /etc/group
Note: We strongly recommend that customers change their passwords after initial setup.
cd /etc
chown root:root passwd shadow group gshadow
chmod 644 passwd group
chmod 400 shadow gshadow
Find all the files that are world-writable and that do not have their sticky bits set.
find / -xdev -type d ( -perm -0002 -a ! -perm
...........
................
fifthposition
commented
3 years ago
Page No : 642 to 643
Section Content: Ensure the following line exists within the file /etc/libuser.conf under the [import] section. login_defs = /etc/login.defs Ensure no lines in the [userdefaults] section begin with the following text, as these words override settings from /etc/login.defs: • LU_SHADOWMAX • LU_SHADOWMIN • LU_SHADOWWARNING Ensure the following command produces no output. Any accounts listed by running this command should be locked. grep "^+:" /etc/passwd /etc/shadow /etc/group Note: We strongly recommend that customers change their passwords after initial setup. cd /etc chown root:root passwd shadow group gshadow chmod 644 passwd group chmod 400 shadow gshadow Find all the files that are world-writable and that do not have their sticky bits set. find / -xdev -type d ( -perm -0002 -a ! -perm ........... ................