The SUSE operating system must not have unnecessary account capabilities.

An XCCDF Rule

Details
Profiles

Description

Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary non-interactive accounts should not have an interactive shell assigned to them.

ID: SV-237606r991589_rule
Version: SLES-12-010631
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure the SUSE operating system so that all non-interactive accounts on the system have no interactive shell assigned to them.

Run the following command to disable the interactive shell for a specific non-interactive user account:

> sudo usermod --shell /sbin/nologin nobody

The SUSE operating system must not have unnecessary account capabilities.

Description

Remediation Templates

A Manual Procedure