From 5d50e4bb357cc943aa859f0cefa09b68290b32ad Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@jettero.pl>
Date: Tue, 21 Apr 2020 12:44:39 -0400
Subject: [PATCH] /etc/gshadow should not have mode 000

---
 .../cis/centos-7-level-1-scored-v2-2-0.yaml                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-2-0.yaml b/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-2-0.yaml
index 505ddfe..91da5df 100644
--- a/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-2-0.yaml
+++ b/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-2-0.yaml
@@ -840,7 +840,7 @@ stat:
       - /etc/gshadow:
           gid: 0
           group: root
-          mode: '000'
+          mode: '600'
           tag: CIS-6.1.5
           uid: 0
           user: root
@@ -885,7 +885,7 @@ stat:
       - /etc/gshadow-:
           gid: 0
           group: root
-          mode: '000'
+          mode: '600'
           tag: CIS-6.1.9
           uid: 0
           user: root