SLEM-05-411060 - SLEM 5 must not have unnecessary account capabilities.

Information

Accounts that serve no operational purpose provide additional opportunities for system compromise. Therefore, noninteractive accounts that are necessary should not have an interactive shell assigned to them.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure SLEM 5 so that all noninteractive accounts on the system have no interactive shell assigned to them.

Run the following command to disable the interactive shell for a specific noninteractive user account:

> sudo usermod --shell /sbin/nologin nobody
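
To find which accounts need that change, the following added example (not part of the STIG or the Nessus check) reads a passwd(5)-format file and reports noninteractive accounts that still have a login shell. The function names are hypothetical, and the script assumes that "noninteractive" means a UID below 1000 (other than root) or the conventional nobody UID 65534, and that only `nologin` and `false` count as non-interactive shells.

```shell
#!/bin/sh
# Added example: report noninteractive accounts that still have a login shell.
# Assumptions: noninteractive = UID 1..UID_MIN-1 or UID 65534 (nobody);
# shells named "nologin" or "false" are treated as non-interactive.

# list_shell_accounts PASSWD_FILE [UID_MIN]
# Prints "name:uid:shell" for each account that needs review.
list_shell_accounts() {
    passwd_file=$1
    uid_min=${2:-1000}
    awk -F: -v min="$uid_min" '
        /^#/             { next }   # skip comment lines
        NF != 7          { next }   # not a complete passwd(5) record
        $3 !~ /^[0-9]+$/ { next }   # skip entries without a numeric UID
        $3 == 0          { next }   # root is out of scope
        $3 >= min && $3 != 65534 { next }   # regular interactive users
        {
            shell = $7
            # An empty shell field falls back to /bin/sh, which is interactive.
            if (shell == "") shell = "/bin/sh"
            n = split(shell, parts, "/")
            base = parts[n]
            if (base != "nologin" && base != "false")
                printf "%s:%s:%s\n", $1, $3, shell
        }
    ' "$passwd_file"
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/usr/sbin/nologin
daemon:x:2:2:Daemon:/sbin:/bin/false
nobody:x:65534:65534:nobody:/var/lib/nobody:/bin/bash
ftpsecure:x:476:476:Secure FTP:/var/lib/empty:/bin/sh
svc:x:480:480:Service:/var/lib/svc:
alice:x:1000:100:Alice:/home/alice:/bin/bash
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_passwd > "$tmp"
list_shell_accounts "$tmp"
rm -f "$tmp"
```

On a live system, call `list_shell_accounts /etc/passwd` and confirm that each reported account is genuinely noninteractive before changing its shell.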

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLEM_5_V1R4_STIG.zip