
Completely locking out a user



Hi.

When there is a suspicious access to a user account, we want to lock
this account until we have made sure. So “:-:” in /etc/shadow and shell to
/bin/false, and “sudo -u user kill -9 -1”.

But, at least with the default configuration, these will not block:

- crontabs or atjobs that download instructions from the web;

- .procmailrc or “|something” in .forward;

- probably one or two mechanisms I forgot about.

PAM might be able to help for some of these, but not all.

I tried to search on the web, but did not find anything relevant, which
is somewhat surprising to me.

Do you know of any extensive discussion about this topic, to help me set
something up without leaving too many holes?

Regards,

-- 
  Nicolas George
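
The mechanisms listed in the message above (crontabs, at jobs, ".forward" pipes, ".procmailrc") can be checked for with a short audit run as root. This is an added example, not part of the original post; it assumes Debian's default spool paths, and the function name `audit_locked_user` and its root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list per-user mechanisms that
# keep running code after the password is locked and the shell is disabled.
# Assumptions: Debian default spool paths; the optional third argument is a
# root prefix so the check can run against a mounted image or a test tree.

audit_locked_user() {
    user=$1            # account name (a numeric uid also works for find)
    root=${3:-}        # "" means the live system
    home=$root$2       # home directory as recorded in /etc/passwd
    found=0

    # cron reads this file by name; a locked password does not stop it.
    ctab=$root/var/spool/cron/crontabs/$user
    if [ -s "$ctab" ]; then
        echo "crontab $ctab"
        found=1
    fi

    # at jobs are plain files owned by the submitting user.
    atdir=$root/var/spool/cron/atjobs
    if [ -d "$atdir" ]; then
        for job in $(find "$atdir" -type f -user "$user" 2>/dev/null); do
            echo "atjob $job"
            found=1
        done
    fi

    # A "|command" entry in .forward makes the MTA run a program on delivery.
    if [ -f "$home/.forward" ] && grep -q '|' "$home/.forward"; then
        echo "forward-pipe $home/.forward"
        found=1
    fi

    # procmail executes the recipes in this file for each incoming message.
    if [ -s "$home/.procmailrc" ]; then
        echo "procmailrc $home/.procmailrc"
        found=1
    fi

    return "$found"    # 0 = nothing found, 1 = at least one mechanism remains
}

# Usage on a live system (run as root): audit_locked_user alice /home/alice
```

Each output line names the mechanism and the file to review; the check only covers the mechanisms named in the message, not the "one or two" it says may have been forgotten.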

