'TCAT-AS-001050 - Tomcat user account must be set to nologin.' (Vuln ID: V-222983)

Article ID: 224411

Products

CA Spectrum DX NetOps

Issue/Introduction

Rule Title: Tomcat user account must be set to nologin.
Discussion: When installing Tomcat, a user account is created on the OS. This account is used in order for Tomcat to be able to operate on the OS but does not require the ability to actually log in to the system. Therefore when the account is created, the account must not be provided access to a login shell or other program on the system. This is done by specifying the "nologin" parameter in the command/shell field of the passwd file.

Check Text: From the command line of the Tomcat server type the following command:

sudo cat /etc/passwd|grep -i tomcat

If the command/shell field of the passwd file is not set to "/usr/sbin/nologin", this is a finding.
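
The check above as a script, added here as an example (not part of the STIG text or the vendor article): it selects the same entries as `grep -i tomcat` and compares field 7 of each one with `/usr/sbin/nologin`. The function names, return codes and sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the command/shell field (field 7) of passwd entries.
# Function names, return codes and sample data are assumptions of this example.
REQUIRED_SHELL="/usr/sbin/nologin"   # value required by the check text

# Constructed sample entries (hypothetical accounts, not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tomcat:x:991:991:Apache Tomcat:/opt/tomcat:/usr/sbin/nologin
svcowner:x:1001:1001:install owner:/opt/app/tomcat:/bin/bash
EOF
}

# check_nologin PASSWD_FILE PATTERN
# Prints one line per matching entry and returns:
#   0 = every matching entry uses REQUIRED_SHELL (not a finding)
#   1 = at least one matching entry has another or empty shell (finding)
#   2 = no entry matched PATTERN (nothing to evaluate)
check_nologin() {
    awk -F: -v pat="$2" -v want="$REQUIRED_SHELL" '
        BEGIN { pat = tolower(pat); matched = 0; bad = 0 }
        $0 == "" || /^#/ { next }            # skip blank and comment lines
        index(tolower($0), pat) > 0 {        # whole-line match, like grep -i
            matched++
            if ($7 == want) {
                printf "OK       %s shell=%s\n", $1, $7
            } else {
                # an empty field means the system default shell is used
                printf "FINDING  %s shell=%s\n", $1, ($7 == "" ? "(empty)" : $7)
                bad++
            }
        }
        END { if (matched == 0) exit 2; exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# Demo on the constructed sample: the service account passes, while the
# install owner (matched through its home directory) is reported.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
check_nologin "$demo_file" tomcat || echo "return code: $?"
rm -f "$demo_file"
```

Run it against the live file with `check_nologin /etc/passwd tomcat`.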

Environment

Release: 21.2


Resolution

This is not feasible in DX NetOps Spectrum.

Services (tomcat, processd, etc.) could not be stopped or started if the shell were removed.

Therefore, this cannot be done in Spectrum for the Spectrum install user/owner.