Differences

This shows you the differences between two versions of the page.

--- fuss:security [2019/04/29 22:44] – [Varnish and Fail2Ban] office
+++ fuss:security [2022/09/27 14:15] – [Intercept SSL 2.0 / SSL 3.0 Using SSLsniff] office
@@ Line 116: / Line 116: @@
 PASS secretpassword
 </code>
+====== Normalizing the No-Login Shell after Debian Updates ======
+After successive updates and corrections, the password database might not get updated such that scanning ''/etc/passwd'' for users reveals multiple variants of the ''/usr/sbin/nologin'' shell such as:
+<code>
+systemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin
+rslsync:x:999:999::/home/rslsync:/sbin/nologin
+sshd:x:107:65534::/var/run/sshd:/usr/sbin/nologin
+</code>
+where the correct answer seems to be ''/usr/bin/nologin'' and as one might imagine, the other file paths do not even exist leaving an opportunity for an attacker to slide a shell into place.
+A solution to batch-change the shell for all users that have no-login shells, correcting the path, would be the following:
+<code bash>
+for i in `cat /etc/passwd | grep nologin | awk -F ':' '{ print $1 }' | xargs`; do usermod -s /usr/sbin/nologin "$i"; done
+</code>