STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The /etc/passwd file must not contain password hashes.

DISA Rule

SV-208808r603263_rule

Vulnerability Number

V-208808

Group Title

SRG-OS-000480

Rule Version

OL6-00-000031

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If any password hashes are stored in "/etc/passwd" (in the second field, instead of an "x"), the cause of this misconfiguration should be investigated. The account should have its password reset and the hash should be properly stored, or the account should be deleted entirely.

Check Contents

To check that no password hashes are stored in "/etc/passwd", run the following command:

# awk -F: '($2 != "x") {print}' /etc/passwd

If it produces any output, then a password hash is stored in "/etc/passwd".
If any stored hashes are found in /etc/passwd, this is a finding.
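
The check above, wrapped as an added example that is not part of the STIG text: it lists each offending account with the kind of value found in the second field, without echoing the value itself, which supports the investigation step in the Fix Recommendation. The function name `audit_passwd`, the kind labels and the sample accounts are constructed for illustration; every line it prints is still a finding under this rule.

```shell
#!/bin/sh
# Added example: report accounts whose second passwd field is not "x".
# Prints "account<TAB>kind"; the field value is never written out, so
# the report can be filed without copying a hash into it.
# Returns 0 when nothing is flagged, 1 when at least one entry is.
audit_passwd() {
    # $1: path to a passwd-format file (defaults to /etc/passwd)
    awk -F: '
        NF == 0 { next }                       # blank line, no account
        $2 != "x" {
            if ($2 == "")                kind = "empty"
            else if ($2 ~ /^[*!]/)       kind = "locked-marker"
            else if ($2 ~ /^\$[^$]+\$/)  kind = "modular-crypt-hash"
            else if (length($2) == 13)   kind = "des-crypt-length"
            else                         kind = "other"
            printf "%s\t%s\n", $1, kind
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "${1:-/etc/passwd}"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc_backup:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:501:501::/home/svc_backup:/bin/bash
guest::502:502::/home/guest:/bin/bash
ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
EOF

if audit_passwd "$sample"; then
    echo "OL6-00-000031: not a finding"
else
    echo "OL6-00-000031: finding"
fi
```

Run `audit_passwd` with no argument as root to audit the live "/etc/passwd".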

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2928

Comments