{"description": "The <tt>/sbin/nologin</tt> shell is used to restrict accounts from having login access\nand should not be listed as a valid login shell in <tt>/etc/shells</tt>.\nTo verify that nologin is not listed in /etc/shells, run:\n<pre>$ grep nologin /etc/shells</pre>\nThe command should return no output.", "rationale": "The <tt>/etc/shells</tt> is consulted by various programs to evaluate\nwhether the user is somehow restricted. For example, the chsh utility will\nconsult the file to determine if the user is allowed to change their shell. ", "severity": "medium", "references": {"cis": ["5.4.3.1"]}, "control_references": {"cis": ["5.4.3.1"]}, "components": [], "identifiers": {}, "ocil_clause": "nologin is listed in /etc/shells", "ocil": "To verify that nologin is not listed in /etc/shells, run:\n<pre>$ grep nologin /etc/shells</pre>\nThe command should return no output.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure nologin Shell is Not Listed in /etc/shells", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/no_nologin_in_shells/rule.yml", "template": null}