STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-237606r646781_rule
V-237606
SRG-OS-000480-GPOS-00227
SLES-12-010631
CAT II
10
Configure the SUSE operating system so that all non-interactive accounts on the system have no interactive shell assigned to them.
Run the following command to disable the interactive shell for a specific non-interactive user account:
> sudo usermod --shell /sbin/nologin nobody
Verify all non-interactive SUSE operating system accounts do not have an interactive shell assigned to them.
Obtain the list of authorized system accounts from the Information System Security Officer (ISSO).
Check the system accounts on the system with the following command:
> awk -F: '($7 !~ "/sbin/nologin" && $7 !~ "/bin/false"){print $1 ":" $3 ":" $7}' /etc/passwd
root:0:/bin/bash
nobody:65534:/bin/bash
If a non-interactive accounts such as "games" or "nobody" is listed with an interactive shell, this is a finding.
V-237606
False
SLES-12-010631
Verify all non-interactive SUSE operating system accounts do not have an interactive shell assigned to them.
Obtain the list of authorized system accounts from the Information System Security Officer (ISSO).
Check the system accounts on the system with the following command:
> awk -F: '($7 !~ "/sbin/nologin" && $7 !~ "/bin/false"){print $1 ":" $3 ":" $7}' /etc/passwd
root:0:/bin/bash
nobody:65534:/bin/bash
If a non-interactive accounts such as "games" or "nobody" is listed with an interactive shell, this is a finding.
M
4033