4504-nginx-ownership-/etc/nginx Directory and Its Files Should Be Owned by Root
Rule ID
Category
Level
Compatible Versions
Description
- The nginx account should not be able to log in, so /sbin/nologin should be set for this account.
Scan Frequency
Rationale
- The account used for nginx should only be used for the nginx service and does not need the ability to log in. This prevents attackers from using the account to log in.
Risk Items
Audit Method
- Run the following command to verify:
- Run the following command:
#> chsh -s /sbin/nologin nginx
Impact
- This ensures that the nginx user account cannot be used by human users.
Default Value
- By default, the shell for the nginx user is /sbin/nologin.
References
CIS Controls