Shell for the octavia user should be set to nologin
Bug #1993647 reported by
Przemyslaw Hausman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Octavia Charm |
Invalid
|
Undecided
|
Unassigned | ||
octavia (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
By default, the shell for octavia user is set to be /bin/sh:
```
# grep octavia /etc/passwd
octavia:
```
However, the CIS hardening rule "Ensure system accounts are secured" requires system accounts to be secured and the shell set to nologin.
As a workaround, you can run the following on octavia units:
```
# usermod -s "$(which nologin)" octavia
```
tags: | added: cis-hardening |
description: | updated |
To post a comment you must log in.
Adding a task for the 'octavia' deb package since it's the component that creates the user.