Set default shell to /bin/false in /etc/adduser.conf

Description

Set /bin/false as the default shell to be used for all new users.

Rationale

Require an administrative user to actively set a valid login shell.

Audit

@test "Verify DSHELL in /etc/adduser.conf" {
  run bash -c "grep '^DSHELL=/bin/false$' /etc/adduser.conf"
  [ "$status" -eq 0 ]
}

Remediation

shell

sed -i 's/DSHELL=.*/DSHELL=\/bin\/false/' "/etc/adduser.conf"

References

https://manpages.ubuntu.com/manpages/bionic/en/man5/adduser.conf.5.html

results matching ""

    No results matching ""