VID | 14073
Severity | 20
Port | 22
Protocol | TCP
Class | LSC
Detailed Description |
Some accounts on the host system have no shell set. Accounts that are not needed to log on to the system should be restricted from using a shell, so that unauthorized users cannot use the system through them. Such accounts should be restricted from executing '/bin/sh' etc., and should be prohibited from logging in by setting their shells to 'nologin' or '/bin/false'.
* Platforms Affected: UNIX, Linux |
Recommendation |
Insert /sbin/nologin or /bin/false in the last field of the /etc/passwd entry for each user whose shell is not set:
    bin:x:1:1:bin:/bin:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
Or change the shell with the following command:
    chsh -s /sbin/nologin 'the ID of the user whose shell is not set'
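One way to find the accounts this check refers to, as an added example that is not part of the original advisory: it lists every entry in a passwd-format file whose shell field is empty (a field the system treats as /bin/sh) and prints the chsh command from the recommendation for review. The function names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts whose shell field
# (7th, colon-separated) is empty. Function names are hypothetical.

# Print the login name of every entry with an empty shell field.
# Skips blank lines, comments and NIS compat entries (+/-); entries with
# fewer than 7 fields are reported on stderr rather than guessed at.
empty_shell_accounts() {
    awk -F: '
        /^[[:space:]]*$/ || /^#/ || /^[+-]/ { next }
        NF < 7   { printf "malformed line %d: %s\n", NR, $0 | "cat 1>&2"; next }
        $7 == "" { print $1 }
    ' "${1:-/etc/passwd}"
}

# Emit (do not run) one chsh command per affected account, for review.
remediation_commands() {
    empty_shell_accounts "$1" 2>/dev/null | while IFS= read -r user; do
        printf "chsh -s /sbin/nologin '%s'\n" "$user"
    done
}

# Constructed sample data: two empty shells, one comment, one broken entry.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:/sbin/nologin
# comment
nobody:x:99:99:Nobody:/:
svc:x:500:500:broken entry
EOF
}

# Demo on the constructed sample; pass a real path to the functions instead.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
remediation_commands "$demo_file"
rm -f "$demo_file"
```

Run the printed commands only after confirming that each listed account really has no need to log on.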