mediumfilesystemverified ✓rollback-safe
Ensure permissions on /etc/security/opasswd are configured
opasswd-permissions · RHEL ≥ 8 · 1 impl
Description
The /etc/security/opasswd file stores password history and should have restrictive permissions to prevent unauthorized access.
Rationale
The opasswd file contains hashed previous passwords. If readable by non-root users, it could be used for offline password cracking.
Check → Remediate
Checkfile_permission
- path:
- /etc/security/opasswd
- mode:
- 0600
- owner:
- root
- group:
- root
Remediatefile_permissions
- path:
- /etc/security/opasswd
- mode:
- 0600
- owner:
- root
- group:
- root
Framework references
CIS
rhel9 7.1.10rhel8 7.1.10rhel10 7.1.10
NIST 800-53
AC-3IA-5AC-6
Live verification
rhel9:check
#permissions#opasswd#password#security