Profile Applicability:
 • Level 2

Description:
 The /etc/shells file lists valid login shells on the system. Including /sbin/nologin or similar non-interactive shells in this list may allow users with such shells to bypass restrictions, potentially leading to unauthorized access.

Rationale:
 Removing nologin entries from /etc/shells ensures that only valid interactive shells are permitted, preventing misuse of non-login shells for shell access.

Impact:
 Pros:

  • Strengthens user account access controls.

  • Prevents potential security loopholes.

Cons:

  • May interfere with legitimate system processes that rely on nologin.

Default Value:
 nologin or similar shells are often included in /etc/shells by default.

Pre-requisites:

  • Root or sudo privileges to edit system files.

Remediation:

Test Plan:

Using Linux command line:

  1. Check if nologin is listed in /etc/shells:
    grep nologin /etc/shells

  2. Review the entries.

Implementation Plan:

Using Linux command line:

  1. Edit /etc/shells to remove any lines containing /sbin/nologin or /usr/sbin/nologin:
    vi /etc/shells
  2. Save the file.
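The check and the edit above, written as an added POSIX shell example (not part of the CIS benchmark text): both functions take the file path as an argument, so the logic can be rehearsed on a constructed copy before being pointed at the real /etc/shells, and the remediation keeps a .bak copy for the backout plan.

```shell
#!/bin/sh
# Audit and remediate nologin entries in an /etc/shells-style file.
# Assumption: the only non-interactive shells of concern are paths ending
# in /nologin (e.g. /sbin/nologin, /usr/sbin/nologin), as the benchmark states.

# audit_shells FILE: print offending entries; return 1 if any, 0 if clean.
audit_shells() {
    shells_file="${1:-/etc/shells}"
    # Skip comment lines, then match whole entries ending in /nologin.
    offenders=$(grep -v '^#' "$shells_file" \
                | grep -E '/nologin[[:space:]]*$' || true)
    if [ -n "$offenders" ]; then
        printf 'Non-interactive shells listed in %s:\n%s\n' \
            "$shells_file" "$offenders"
        return 1
    fi
    printf '%s contains no nologin entries\n' "$shells_file"
    return 0
}

# remediate_shells FILE: back up FILE to FILE.bak, then drop nologin lines
# while preserving comments, ordering and the file's ownership/mode.
remediate_shells() {
    shells_file="${1:-/etc/shells}"
    cp -p "$shells_file" "$shells_file.bak"
    scratch=$(mktemp)
    grep -v -E '^[^#].*/nologin[[:space:]]*$' "$shells_file" > "$scratch" || true
    # Overwrite in place (cat, not mv) so the original inode and mode survive.
    cat "$scratch" > "$shells_file"
    rm -f "$scratch"
}
```

Run `audit_shells` first; if it reports entries, run `remediate_shells` and re-run the audit, which should now return 0.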

Backout Plan:

Using Linux command line:

  1. Restore original /etc/shells from backup if issues arise.

  2. Verify system functionality.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Linux shells documentation