STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

All shells referenced in /etc/passwd must be listed in the /etc/shells file, except any shells specified for the purpose of preventing logins.

DISA Rule

SV-226567r603265_rule

Vulnerability Number

V-226567

Group Title

SRG-OS-000480

Rule Version

GEN002140

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Use the chsh utility or edit the /etc/passwd file and correct the error by changing the default shell of the account in error to an acceptable shell name contained in the /etc/shells file.

Check Contents

Confirm the login shells referenced in the /etc/passwd file are listed in the /etc/shells file.

Procedure:
# more /etc/passwd
# more /etc/shells

The /usr/bin/false, /bin/false, /dev/null, /sbin/nologin, (and equivalents), and sdshell will be considered valid shells for use in the /etc/passwd file, but will not be listed in the /etc/shells file.

If a shell referenced in /etc/passwd is not listed in the shells file, excluding the above mentioned shells, this is a finding.

Vulnerability Number

V-226567

Documentable

False

Rule Version

GEN002140

Severity Override Guidance

Confirm the login shells referenced in the /etc/passwd file are listed in the /etc/shells file.

Procedure:
# more /etc/passwd
# more /etc/shells

The /usr/bin/false, /bin/false, /dev/null, /sbin/nologin, (and equivalents), and sdshell will be considered valid shells for use in the /etc/passwd file, but will not be listed in the /etc/shells file.

If a shell referenced in /etc/passwd is not listed in the shells file, excluding the above mentioned shells, this is a finding.

Check Content Reference

M

Target Key

4060

Comments