Profile Applicability:
• Level 2
Description:
The /etc/shells file lists the shells that the system treats as valid login shells. Listing /sbin/nologin or similar non-interactive shells there may allow accounts assigned such a shell to bypass restrictions that depend on this list, potentially leading to unauthorized access.
Rationale:
Removing nologin entries from /etc/shells ensures that only valid interactive shells are permitted, preventing non-login shells from being misused to obtain shell access.
Impact:
Pros:
Strengthens user account access controls.
Prevents potential security loopholes.
Cons:
May interfere with legitimate system processes that rely on nologin being listed in /etc/shells.
Default Value:
nologin or similar shells are often included in /etc/shells by default.
Pre-requisites:
Root or sudo privileges to edit system files.
Remediation:
Test Plan:
Using Linux command line:
- Check if nologin is listed in /etc/shells:
grep nologin /etc/shells
Review any entries returned; a compliant system returns none.
Implementation Plan:
Using Linux command line:
- Edit /etc/shells to remove any lines containing /sbin/nologin or /usr/sbin/nologin:
vi /etc/shells
Save the file.
Backout Plan:
Using Linux command line:
Restore original /etc/shells from backup if issues arise.
Verify system functionality.
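The test, implementation and backout steps above, combined into one POSIX shell script as an added example (not part of the benchmark). Function names, the backup naming scheme and the demo input are assumptions; the file path is a parameter so the functions can be exercised on a constructed copy before touching the real /etc/shells.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit and remediate nologin entries
# in an /etc/shells-style file. Assumes POSIX sh with grep, cp, date, mktemp.
# The file path is a parameter so the functions can be exercised on a copy.

# Any entry whose basename is nologin (/sbin/nologin, /usr/sbin/nologin, ...).
NOLOGIN_RE='(^|/)nologin[[:space:]]*$'

# Audit: print offending entries; exit 0 if compliant, 1 if any were found.
audit_shells() {
    grep -E "$NOLOGIN_RE" "${1:-/etc/shells}" && return 1
    return 0
}

# Count offending entries (prints 0 on a compliant file).
count_nologin() {
    grep -Ec "$NOLOGIN_RE" "${1:-/etc/shells}" || true
}

# Remediate: take a timestamped backup (for the Backout Plan), then drop the
# nologin lines. Writing through the original path keeps its ownership and
# mode. Prints the backup path so it can be restored later.
remediate_shells() {
    file="${1:-/etc/shells}"
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1
    tmp="$file.tmp.$$"
    grep -Ev "$NOLOGIN_RE" "$file" > "$tmp" || true   # grep -v exits 1 if nothing is left
    cat "$tmp" > "$file" && rm -f "$tmp"
    echo "$backup"
}

# Stand-alone demo on a constructed copy, never on the real /etc/shells.
demo_shells() {
    f=$(mktemp)
    printf '# /etc/shells: valid login shells\n/bin/sh\n/bin/bash\n/sbin/nologin\n/usr/sbin/nologin\n' > "$f"
    echo "Audit before remediation:"; audit_shells "$f" || echo "-> non-compliant"
    b=$(remediate_shells "$f")
    echo "After remediation (backup at $b):"; cat "$f"
    rm -f "$f" "$b"
}

case "${1:-}" in demo) demo_shells ;; esac
```

Run it with the `demo` argument to see the behaviour on the constructed copy; on a host, source the script and call `audit_shells` (as any user) or `remediate_shells` (as root) with no argument to act on /etc/shells.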
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux shells documentation