← Rules Catalog
mediumfilesystemverified rollback-safe

Ensure permissions on /etc/security/opasswd are configured

opasswd-permissions · RHEL ≥ 8 · 1 impl

Description

The /etc/security/opasswd file stores password history and should have restrictive permissions to prevent unauthorized access.

Rationale

The opasswd file contains hashed previous passwords. If readable by non-root users, it could be used for offline password cracking.

Check → Remediate

Checkfile_permission
path:
/etc/security/opasswd
mode:
0600
owner:
root
group:
root
Remediatefile_permissions
path:
/etc/security/opasswd
mode:
0600
owner:
root
group:
root

Framework references

CIS

rhel9 7.1.10rhel8 7.1.10rhel10 7.1.10

NIST 800-53

AC-3IA-5AC-6

Live verification

rhel9:check
#permissions#opasswd#password#security