Accounts Expired after CIS Hardening on Ubuntu 20.04 - Workstation Level 1

STT

12/31/22, 6:51 PM

I tried to harden my Ubuntu 20.04 installation as per instructions in https://ubuntu.com/security/certifications/docs/cis. After running the hardening script as specified, I could not run the CIS audit command (sudo cis-audit level1_workstation). My password was not accepted (system came back asking Is your account locked). After restarting, I could neither log on as root nor as a regular user. Logging in from another computer via ssh -v login was denied with message that account has expired. I did notice that PAM was downloaded as part of the hardening process and session level configurations were created inside the config file. Now I have no access to the computer. Can someone help?

209

0 + 5

security

20.04

user535733

12/31/22, 7:19 PM

Are you asking about CIS hardening using a paid Ubuntu Advantage subscription?

STT

12/31/22, 7:50 PM

No. While it is through the UbuntuOne platform, as an individual I did not have to get a paid subscription.

waltinator

12/31/22, 11:41 PM

This should be treated as a Learning Experience. One should never blindly follow a "recipe", without understanding what the actions are, their consequences, and how they will affect your day-to-day process. As for a "fix", NO. That's equivalent to "How can I break into a "CIS hardend" system?". If I knew that, I'd file a bug report with CIS, and get famous, not tell Stack Exchange. Use your physical access to the machine to reinstall.

waltinator

12/31/22, 11:59 PM

UTBLT Using Tool Before Learning Tool.

STT

1/1/23, 2:50 AM

Yes, lesson learnt. CIS hardening made my system as hard as a brick and as useful. Granted, I am not an expert in security, but should such recipes not come with a warning that All accounts might expire with no way out? In the past I have stayed away from changes where similar warnings were put out.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Accounts Expired after CIS Hardening on Ubuntu 20.04 - Workstation Level 1

TH: บัญชีหมดอายุหลังจาก CIS Hardening บน Ubuntu 20.04 - เวิร์กสเตชันระดับ 1

RO: Conturile au expirat după consolidarea CIS pe Ubuntu 20.04 - Stație de lucru Nivelul 1

RU: Срок действия учетных записей истек после усиления безопасности CIS в Ubuntu 20.04 — уровень рабочей станции 1

VI: Tài khoản đã hết hạn sau khi gia cố CIS trên Ubuntu 20.04 - Máy trạm cấp 1

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.