Objective 2: Set Up Host Security

Once a Linux system is installed and working, you may need to do nothing more to it. However, if you have specific security needs or just want to be cautious, you'll want to implement additional security measures on your system.

Shadow Passwords

The shadow password system enhances system security by removing encrypted passwords from the publicly available /etc/passwd file and moving them to the secured /etc/shadow file. This prevents users from running password-cracking programs against all of the encrypted passwords on your system.

Shadow passwords are covered in the section "The Shadow Password and Shadow Group Systems" in Chapter 18, which describes user management. To secure a system, it is a good idea to enable shadow passwords if they aren't enabled already. You can check this by looking for /etc/shadow and verifying that its user list matches the one in /etc/passwd. If shadow passwords are not enabled, you can enable them by entering the pwconv command with no arguments. In the unlikely event that you use group passwords, you should also enable group shadowing with grpconv.
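The check described above can be scripted. The following is an added example, not code from the book: the function name shadow_audit and its finding labels are hypothetical, and it assumes that a shadowed account carries the placeholder "x" in the password field of /etc/passwd.

```shell
#!/bin/sh
# Added example: compare the account lists in passwd and shadow.
# shadow_audit and the finding labels are hypothetical names, not a standard tool.
# Usage (as root, since /etc/shadow is not world-readable): shadow_audit
# Or against copies: shadow_audit ./passwd.copy ./shadow.copy

shadow_audit() {
    sa_passwd=${1:-/etc/passwd}
    sa_shadow=${2:-/etc/shadow}

    # No readable shadow file: shadow passwords are off, or we lack privilege.
    if [ ! -r "$sa_shadow" ]; then
        echo "NO_READABLE_SHADOW $sa_shadow"
        return 1
    fi

    sa_findings=$(awk -F: '
        /^[ \t]*$/ { next }                    # ignore blank lines
        FILENAME == ARGV[1] {                  # first file: passwd
            in_passwd[$1] = 1
            # With shadowing on, the password field is the placeholder "x".
            if ($2 != "x") print "UNSHADOWED " $1
            next
        }
        { in_shadow[$1] = 1 }                  # second file: shadow
        END {
            for (u in in_passwd) if (!(u in in_shadow)) print "MISSING_IN_SHADOW " u
            for (u in in_shadow) if (!(u in in_passwd)) print "ORPHAN_IN_SHADOW " u
        }
    ' "$sa_passwd" "$sa_shadow" | LC_ALL=C sort)

    # Any finding means the two files disagree; report and signal failure.
    if [ -n "$sa_findings" ]; then
        printf '%s\n' "$sa_findings"
        return 1
    fi
    return 0
}
```

An UNSHADOWED or MISSING_IN_SHADOW finding indicates an account whose password still lives in /etc/passwd, which is the condition pwconv corrects.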

inetd Minimalism

As mentioned in the "Objective 1: Configure and Manage inetd, xinetd, and Related Services" section in Chapter 20, inetd and /etc/inetd.conf (its configuration file) handle access to many system services. Despite the use of TCP wrappers on these services, the best security can be achieved by simply not offering services that aren't explicitly needed. ...
