SLEM 5 must not have unnecessary account capabilities.

An XCCDF Rule

Description

<VulnDiscussion>Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary noninteractive accounts should not have an interactive shell assigned to them.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-261358r996829_rule
Severity: Medium
References: CCI-000366
Updated: 20 days ago

Configure SLEM 5 so that all noninteractive accounts on the system have no interactive shell assigned to them.

Run the following command to disable the interactive shell for a specific noninteractive user account:

     > sudo usermod --shell /sbin/nologin nobody

SLEM 5 must not have unnecessary account capabilities.

Description

Remediation - Manual Procedure