The icdx service account has login privileges

Article ID: 218786

Products

Integrated Cyber Defense Exchange

Issue/Introduction

When performing a security audit of the Symantec Integrated Cyber Defense Exchange (ICDx) server, the icdx service account is found to have login privileges.

Environment

Release: 1.4

Cause

Early versions of the ICDx product installer created the icdx service account with the system's default account configuration. This was addressed in later releases, but upgrades of the ICDx software do not modify the privileges of a previously created icdx service account.

Resolution

The icdx service account does not require login privileges. The following commands remove login privileges from the service account:

  1. Lock the account's password
    sudo passwd -l icdx
  2. Set the account login shell to the nologin shell
    sudo usermod -s /sbin/nologin icdx

These changes do not require a restart of the ICDx services or a reboot of the ICDx service host.
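
To confirm the result during an audit, the following added example (not part of the original article or of the ICDx product) checks both conditions the two commands establish: a locked password field and a non-interactive login shell. The function name `audit_login`, its optional file arguments, and the sample account entries are assumptions made for illustration.

```shell
#!/bin/sh
# audit_login ACCOUNT [PASSWD_FILE] [SHADOW_FILE]   (hypothetical helper name)
# Prints one line per finding. Returns 0 when the account has a locked
# password and a non-interactive shell, 1 when a finding remains, 2 when the
# account is missing. Reading the real /etc/shadow requires root.
audit_login() {
    acct=$1
    passwd_file=${2:-/etc/passwd}
    shadow_file=${3:-/etc/shadow}
    findings=0

    # Field 7 of a passwd entry is the login shell.
    shell=$(awk -F: -v u="$acct" '$1 == u { print $7; found = 1 }
                                  END { exit !found }' "$passwd_file") || {
        echo "$acct: not found in $passwd_file"; return 2; }
    case $shell in
        */nologin|*/false) ;;
        *) echo "$acct: login shell is ${shell:-unset (system default)}"; findings=1 ;;
    esac

    # Field 2 of a shadow entry is the password hash. 'passwd -l' prefixes it
    # with '!'; a leading '!' or '*' means no password can match.
    hash=$(awk -F: -v u="$acct" '$1 == u { print $2 }' "$shadow_file")
    case $hash in
        '!'*|'*'*) ;;
        '') echo "$acct: no password entry or empty password field"; findings=1 ;;
        *) echo "$acct: password is not locked"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample entries (not from a real host): the account as an early
# installer might have left it, then after the two commands above.
tmp=$(mktemp -d)
printf 'icdx:x:991:991::/home/example:/bin/bash\n'     > "$tmp/passwd.before"
printf 'icdx:$6$constructed$hash:19000:0:99999:7:::\n' > "$tmp/shadow.before"
printf 'icdx:x:991:991::/home/example:/sbin/nologin\n' > "$tmp/passwd.after"
printf 'icdx:!$6$constructed$hash:19000:0:99999:7:::\n' > "$tmp/shadow.after"

audit_login icdx "$tmp/passwd.before" "$tmp/shadow.before" || echo "=> needs hardening"
audit_login icdx "$tmp/passwd.after"  "$tmp/shadow.after"  && echo "=> icdx cannot log in"
rm -rf "$tmp"
```

Checking both fields matters because a locked password alone does not block other authentication methods when the shell is still interactive.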