Skip to main content

How wise is the Security Advisor ?

Comments

3 comments

  • quizknows
    /etc/shadow is 0200 on my centos system... it should be no higher than 0600 ever (except on distros like ubuntu with a 'shadow' group in which case 0640 may be used). World read on shadow is a pretty bad scenario, regardless of how it happened. As far as the error, that's something else. I haven't seen that on any xen or kvm instances before, hopefully cPanel has some ideas there.
    0
  • lorio
    Thanks for your answer. I had set back shadow to 0200. Let's see if others are getting similar recommendations from the security advisor.
    0
  • cPanelMichael
    Hello, Internal case CPANEL-6194 addresses an issue where if permissions are not 0200 or 0600 for /etc/shadow and/or 0600 for /etc/passwd, Security Advisor reports a message like this:
    /etc/shadow has non default permissions. Expected: 463374770, Actual: 0644.
    I'll update this thread once the resolution is included with a public build of cPanel. In the meantime, you could follow the instructions on the Security Advisor GitHub repository if you want the latest changes before they are included with a published build of cPanel: GitHub - CpanelInc/addon_securityadvisor: Security Advisor for cPanel 11.40 and later (canonical upstream repo) The resolution is documented at: Corrected missprint of expected value for file permissions " CpanelInc/addon_securityadvisor@a227c66 " GitHub Thank you.
    0

Please sign in to leave a comment.