Profile Applicability:
• Level 2
Description:
System accounts are accounts used by services and system processes. Securing these accounts by disabling login, setting appropriate shells, and managing passwords prevents unauthorized access and reduces security risks.
Rationale:
Securing system accounts limits attack vectors that exploit unattended or poorly configured accounts, thereby enhancing overall system security.
Impact:
Pros:
Reduces risk of privilege escalation and unauthorized access.
Supports compliance with security policies.
Cons:
May affect service functionality if accounts are incorrectly disabled.
Default Value:
Some system accounts may allow login or have weak configurations by default.
Pre-requisites:
Root or sudo privileges to modify user accounts.
Remediation:
Test Plan:
Using Linux command line:
- List system accounts with valid shells or login access:
awk -F: '($3 < 1000) {print $1, $7}' /etc/passwd | grep -v '/sbin/nologin\|/bin/false'
Identify any system accounts with shell access that should be disabled.
Implementation Plan:
Using Linux command line:
1. Disable login for system accounts that do not require it by setting the shell to /sbin/nologin or /bin/false:
usermod -s /sbin/nologin <system_account>
2. Lock passwords for system accounts as appropriate:
passwd -l <system_account>
3. Verify changes:
grep '^<system_account>:' /etc/passwd
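To check both implementation steps at once (login shell and password lock), the following audit script is an added example, not part of the benchmark text. The function names, the `EXEMPT` list and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit system accounts (UID < UID_MIN) in passwd/shadow-format files.
UID_MIN=1000                       # same threshold as the test plan's awk filter
EXEMPT="root sync shutdown halt"   # assumption: accounts reviewed by hand, adjust per host

# Shared awk prologue: load the exemption list into skip[].
PROLOGUE='BEGIN { n = split(exempt, e, " "); for (i = 1; i <= n; i++) skip[e[i]] = 1 }'

# Print "name shell" for system accounts whose shell is not nologin/false.
# An empty shell field is reported too: login programs fall back to /bin/sh.
audit_shells() {
  awk -F: -v min="$UID_MIN" -v exempt="$EXEMPT" "$PROLOGUE"'
    $3 < min && !($1 in skip) && $7 !~ /\/(nologin|false)$/ {
      print $1, ($7 == "" ? "(empty)" : $7)
    }' "$1"
}

# Print system accounts whose shadow password field is not locked.
# Locked means the field starts with "!" (what passwd -l prepends) or "*".
audit_unlocked() {
  awk -F: -v min="$UID_MIN" -v exempt="$EXEMPT" "$PROLOGUE"'
    NR == FNR { if ($3 < min && !($1 in skip)) sys[$1] = 1; next }
    ($1 in sys) && $2 !~ /^[!*]/ { print $1 }' "$1" "$2"
}

# Constructed sample data (not from a real host) so the script runs offline.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
svcapp:x:498:498:app service:/opt/app:
nobody:x:99:99:Nobody:/:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:$6$constructed$hash:19000:0:99999:7:::
svcapp:!!:19000:0:99999:7:::
nobody::19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
EOF

echo "System accounts with a login shell:"; audit_shells "$tmp/passwd"
echo "System accounts with an unlocked password:"; audit_unlocked "$tmp/passwd" "$tmp/shadow"
```

On a real host, call the two functions as root with /etc/passwd and /etc/shadow; an empty result from both means no system account outside the exemption list has a login shell or an unlocked password.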
Backout Plan:
Using Linux command line:
- Re-enable login shells or unlock passwords if required:
usermod -s /bin/bash <system_account>
passwd -u <system_account>
Verify functionality and access.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux passwd Manual