no matching group file entry in /etc/gshadow add group 'cpanel' in /etc/gshadow?
Hello, lynis (linux security auditing tool), reported this:
[QUOTE]grpck binary found errors in one or more group files [AUTH-9216]
[url=http://cisofy.com/controls/AUTH-9216/]Lynis control AUTH-9216: Consistency of password/group files
when running grpck: [QUOTE]grpck no matching group file entry in /etc/gshadow add group 'cpanel' in /etc/gshadow?
any idea pls why this "error" is there / how to fix?
when running grpck: [QUOTE]grpck no matching group file entry in /etc/gshadow add group 'cpanel' in /etc/gshadow?
any idea pls why this "error" is there / how to fix?
-
Hello :) It's normal to not see the "cpanel" username in /etc/gshadow. This is by design. You can find more information about this file here: RHEL - /etc/gshadow Thank you. 0 -
Lynis (2.2.0) reports the same thing and grpck reports: root@obscured [/usr/local]# grpck -r no matching group file entry in /etc/gshadow add group 'cpanel' in /etc/gshadow? No no matching group file entry in /etc/gshadow add group 'cpanelphpmyadmin' in /etc/gshadow? No no matching group file entry in /etc/gshadow add group 'cpanelphppgadmin' in /etc/gshadow? No no matching group file entry in /etc/gshadow add group 'cpanelroundcube' in /etc/gshadow? No no matching group file entry in /etc/gshadow add group 'cpanelrrdtool' in /etc/gshadow? No no matching group file entry in /etc/gshadow add group 'mailman' in /etc/gshadow? No grpck: no changes
I appreciate the answer that it's "normal" not to see the "cpanel" group there, but the the question becomes (1) why is this normal and (2) will it hurt security in any way to allow grpck add those groups to /etc/gshadow/? Thanks in advance.0 -
The following document is a good place to start for anyone who wants to understand what grpck does: grpck(8) - Linux manual page Adding the entries is acceptable, and we provide following script to add those entries: /scripts/grpck
Thank you.0
Please sign in to leave a comment.
Comments
3 comments