[Bug 1993647] Re: Shell for the octavia user should be set to nologin
Felipe Reyes
1993647 at bugs.launchpad.net
Thu Oct 20 15:29:32 UTC 2022
Adding a task for the 'octavia' deb package since it's the component
that creates the user.
** Also affects: octavia (Ubuntu)
Importance: Undecided
Status: New
** Changed in: charm-octavia
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to octavia in Ubuntu.
https://bugs.launchpad.net/bugs/1993647
Title:
Shell for the octavia user should be set to nologin
Status in OpenStack Octavia Charm:
Invalid
Status in octavia package in Ubuntu:
New
Bug description:
By default, the shell for octavia user is set to be /bin/sh:
```
# grep octavia /etc/passwd
octavia:x:116:124::/var/lib/octavia:/bin/sh
```
However, the CIS hardening rule "Ensure system accounts are secured"
requires system accounts to be secured and the shell set to nologin.
As a workaround, you can run the following on octavia units:
```
# usermod -s "$(which nologin)" octavia
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-octavia/+bug/1993647/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list