/etc/passwd and /etc/shadow checks fail on CentOS #1264

Closed
ahenroid opened this issue Oct 31, 2016 · 1 comment · Fixed by #1273
Labels
Type: Bug Feature not working as expected

Comments

@ahenroid

Description

With the InSpec 1.3.0 release, file mode checks now fail for /etc/passwd and /etc/shadow
on CentOS despite correct values on the filesystem. Tests report "Invalid usergroup/owner
provided".

✖ os-02: Check owner and permissions for /etc/shadow (5 failed)
...
Invalid usergroup/owner provided
...
✖ os-03: Check owner and permissions for /etc/passwd (7 failed)
...
Invalid usergroup/owner provided
...

[centos etc]$ ls -l passwd shadow
-rw-r--r--. 1 root root 2097 Oct 31 17:18 passwd
-rw-------. 1 root root 931 Oct 31 17:14 shadow

InSpec and Platform Version

InSpec 1.3.0 and CentOS 7.2

Replication Case

Possible Solutions

Stacktrace

Relevant snippet from InSpec output included below:

✖ os-02: Check owner and permissions for /etc/shadow (5 failed)
✖ File /etc/shadow should not be executable
Invalid usergroup/owner provided
✖ File /etc/shadow should be writable by owner
Invalid usergroup/owner provided
✖ File /etc/shadow should be readable by owner
Invalid usergroup/owner provided
✖ File /etc/shadow should not be readable by group
Invalid usergroup/owner provided
✖ File /etc/shadow should not be readable by other
Invalid usergroup/owner provided
✔ File /etc/shadow should exist
✔ File /etc/shadow should be file
✔ File /etc/shadow should be owned by "root"
✔ File /etc/shadow group should eq "root"
✖ os-03: Check owner and permissions for /etc/passwd (7 failed)
✖ File /etc/passwd should not be executable
Invalid usergroup/owner provided
✖ File /etc/passwd should be writable by owner
Invalid usergroup/owner provided
✖ File /etc/passwd should not be writable by group
Invalid usergroup/owner provided
✖ File /etc/passwd should not be writable by other
Invalid usergroup/owner provided
✖ File /etc/passwd should be readable by owner
Invalid usergroup/owner provided
✖ File /etc/passwd should be readable by group
Invalid usergroup/owner provided
✖ File /etc/passwd should be readable by other
Invalid usergroup/owner provided
✔ File /etc/passwd should exist
✔ File /etc/passwd should be file
✔ File /etc/passwd should be owned by "root"
✔ File /etc/passwd group should eq "root"

@chris-rock
Contributor

I can confirm that issue
