Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-917 | GEN002140 | SV-37393r2_rule | Medium |
Description |
---|
The shells file lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized unsecure shell. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2016-12-16 |
Check Text ( C-36080r3_chk ) |
---|
Confirm the login shells referenced in the /etc/passwd file are listed in the /etc/shells file. Procedure: Determine which shells are permitted for use by users: # more /etc/shells Note: /usr/bin/false, /bin/false, /dev/null, /sbin/nologin, /bin/sync, /sbin/halt, /sbin/shutdown, (and equivalents) cannot be placed in the /etc/shells file. Determine which shells are being used: # more /etc/passwd (optionally shells found in /etc/passwd can be grepped for in /etc/shells) If any shells are found that are not in /etc/shells, or if false shells are found in /etc/shells, then this is a finding. |
Fix Text (F-31324r3_fix) |
---|
Use the "chsh" utility or edit the /etc/passwd file and correct the error by changing the default shell of the account in error to an acceptable shell name contained in the /etc/shells file. Example: # chsh -s /bin/bash testuser |