This built-in function ensures that each user has a valid shell as defined in /etc/shells.

The /etc/shells file is used by applications such as Sendmail and FTP servers to determine if a shell is valid on the system. While it is not used by the login program, administrators can use this file to define which shells are valid on the system. The invalid_login_shells check can verify that all users in the /etc/passwd file are configured with valid shells as defined in the /etc/shells file.

This avoids unsanctioned practices such as using /sbin/passwd as a shell to let users change their passwords. If you do not want a user to be able to log in, create an invalid shell in /etc/shells (e.g., /nonexistent) and set it for the desired users.

If you have users without a valid shell, define a valid shell for them.



name: "invalid_login_shells"

description: "This check reports user accounts with shells which do not exist or are not listed in /etc/shells."


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.