The icdx service account has login privileges


Article ID: 218786


Updated On:


Integrated Cyber Defense Exchange


When performing a security audit of the Symantec Integrated Cyber Defense Exchange (ICDx) server, the icdx service account is found to have login privileges.


Release : 1.4


Early versions of the ICDx product installer created the icdx service account with the system's default account configuration. This was addressed in later releases, but upgrades of the ICDx software do not modify the privileges of a previously created icdx service account.


The icdx service account does not require login privileges. The following commands remove login privileges from the service account:

  1. Lock the account's password
    sudo passwd -l icdx
  2. Set the account login shell to the nologin shell
    sudo usermod -s /sbin/nologin icdx

These changes do not require a restart of the ICDx services or a reboot of the ICDx service host.
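
A way to confirm both changes took effect, added here as an example and not part of the original article: the functions below inspect a passwd-format and a shadow-format line for the account. The function names are hypothetical and the sample entries (UID, home directory, hash) are constructed.

```shell
#!/bin/sh
# Added example: check passwd/shadow entries for a service account.
# Function names and the sample lines are constructed for illustration.

# Succeeds when field 7 of a passwd line is a non-login shell.
shell_is_nologin() {
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$shell" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false|/usr/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when field 2 of a shadow line starts with '!' (set by
# `passwd -l`) or '*'. An empty field is reported as unlocked.
password_is_locked() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "ok" or the list of findings; returns non-zero on any finding.
audit_account() {
    findings=""
    shell_is_nologin "$1"   || findings="${findings}login-shell "
    password_is_locked "$2" || findings="${findings}password-unlocked "
    if [ -z "$findings" ]; then
        echo "ok"
        return 0
    fi
    echo "${findings% }"
    return 1
}

# Constructed sample entries (UID, home directory and hash are made up).
BEFORE_PASSWD='icdx:x:1001:1001::/home/icdx:/bin/bash'
BEFORE_SHADOW='icdx:$6$constructedsalt$constructedhash:19000:0:99999:7:::'
AFTER_PASSWD='icdx:x:1001:1001::/home/icdx:/sbin/nologin'
AFTER_SHADOW='icdx:!$6$constructedsalt$constructedhash:19000:0:99999:7:::'

echo "before: $(audit_account "$BEFORE_PASSWD" "$BEFORE_SHADOW" || true)"
echo "after:  $(audit_account "$AFTER_PASSWD" "$AFTER_SHADOW" || true)"
```

On a live host the two arguments would come from `getent passwd icdx` and `sudo getent shadow icdx`. Both checks matter because a locked password alone does not stop key-based login, while the nologin shell does.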