Details
The ‘apache’ account must not be used as a regular login account, so it should be assigned an invalid or ‘nologin’ shell to ensure it cannot be used to log in.
Rationale:
Service accounts such as the ‘apache’ account are a risk if they can be used to get a login shell to the system.
Solution
Change the ‘apache’ account to use the ‘nologin’ shell or an invalid shell such as ‘/dev/null’:
# chsh -s /sbin/nologin apache
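To confirm the change took effect, the shell field of the account's passwd entry can be audited. The script below is an added example, not part of the original control text; the function name check_service_shell, its return codes and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that a service account cannot obtain a login shell.
# Return codes: 0 = compliant, 1 = login shell present, 2 = account not found.

# check_service_shell USER [PASSWD_FILE]   (hypothetical helper name)
check_service_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}

    # Field 1 is the account name, field 7 the login shell.
    # An exact match on field 1 avoids matching "apache2" or "myapache".
    entry=$(awk -F: -v u="$user" '$1 == u { print "found:" $7; exit }' "$passwd_file")

    if [ -z "$entry" ]; then
        echo "NOT FOUND: no '$user' account in $passwd_file"
        return 2
    fi
    shell=${entry#found:}

    case $shell in
        */nologin|/dev/null)
            echo "PASS: $user shell is $shell"
            return 0 ;;
        "")
            # Per passwd(5), an empty shell field defaults to /bin/sh.
            echo "FAIL: $user has an empty shell field (defaults to /bin/sh)"
            return 1 ;;
        *)
            echo "FAIL: $user shell is $shell"
            return 1 ;;
    esac
}

# Constructed sample passwd data (not from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
apache2:x:49:49:Other:/var/www:/sbin/nologin
EOF
check_service_shell apache "$sample" || true   # reports FAIL for /bin/bash
rm -f "$sample"
```

On a live system, run `check_service_shell apache` with no second argument to audit /etc/passwd.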
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.