Detections
Analytics
SLES-12-010631 - The SUSE operating system must not have unnecessary account capabilities.
Information
Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary non-interactive accounts should not have an interactive shell assigned to them.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the SUSE operating system so that all non-interactive accounts on the system have no interactive shell assigned to them.Run the following command to disable the interactive shell for a specific non-interactive user account:
> sudo usermod --shell /sbin/nologin nobody
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_12_V3R4_STIG.zip
Item Details
Audit Name: DISA SLES 12 STIG v3r4
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-237606r991589_rule, STIG-ID|SLES-12-010631, Vuln-ID|V-237606
Plugin: Unix
Control ID: 4da977d2f3e56bce1cbd284b5e5b537b4bc875d718c39802a29a9ae29c895c6f