
Default shell on linux account cisco-amp-scan-svc

rogonl
Community Member

L.S.,

By default, the service account cisco-amp-scan-svc gets created on Linux servers using a UID lower than $UID_MIN (normally 1000) and with "/bin/false" as its shell. However, the CIS security baselines state that system accounts (accounts with a UID lower than $UID_MIN) should have "/sbin/nologin" or "/usr/sbin/nologin" specified as their shell. Why is Cisco not following this baseline?

I've read that changing this shell also leads to issues (see CSCvw81151). Is this still an issue in version 1.24?

Kind regards,  Ronald van Gogh
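
An added example (not part of the original post and not Cisco's code): a Python check that applies the rule as the post states it, flagging accounts with a UID below UID_MIN whose shell is not /sbin/nologin or /usr/sbin/nologin. The sample login.defs and passwd contents, including UID 985 and the home directory, are constructed, and exempting root is an assumption.

```python
import re

# Shells the post cites from the CIS baseline for system accounts.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin"}
EXEMPT = {"root"}  # assumption: root keeps an interactive shell

# Constructed sample data, not taken from a real host.
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs (constructed sample)
UID_MIN          1000
UID_MAX         60000
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
cisco-amp-scan-svc:x:985:980::/home/cisco-amp-scan-svc:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def parse_uid_min(login_defs_text, default=1000):
    """Return UID_MIN from login.defs text, or the default when it is not set."""
    for line in login_defs_text.splitlines():
        m = re.match(r"\s*UID_MIN\s+(\d+)\s*(?:#.*)?$", line)
        if m:
            return int(m.group(1))
    return default

def audit_system_shells(passwd_text, uid_min):
    """Return (name, uid, shell) for system accounts without a nologin shell."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry: skip rather than guess
        name, uid, shell = fields[0], fields[2], fields[6]
        if not uid.isdigit():
            continue
        if int(uid) < uid_min and name not in EXEMPT and shell not in NOLOGIN_SHELLS:
            findings.append((name, int(uid), shell))
    return findings

if __name__ == "__main__":
    uid_min = parse_uid_min(SAMPLE_LOGIN_DEFS)
    for name, uid, shell in audit_system_shells(SAMPLE_PASSWD, uid_min):
        print(f"{name} (uid {uid}) has shell {shell}")
```

To audit a real host, pass the contents of /etc/login.defs and /etc/passwd to the two functions instead of the sample strings.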

 
