I tried to harden my Ubuntu 20.04 installation as per instructions in https://ubuntu.com/security/certifications/docs/cis. After running the hardening script as specified, I could not run the CIS audit command (sudo cis-audit level1_workstation). My password was not accepted (system came back asking Is your account locked). After restarting, I could neither log on as root nor as a regular user. Logging in from another computer via ssh -v login was denied with message that account has expired. I did notice that PAM was downloaded as part of the hardening process and session level configurations were created inside the config file. Now I have no access to the computer. Can someone help?
Asked
Active
Viewed 1,419 times
0
-
Are you asking about CIS hardening using a paid Ubuntu Advantage subscription? – user535733 Aug 31 '21 at 19:19
-
No. While it is through the UbuntuOne platform, as an individual I did not have to get a paid subscription. – STT Aug 31 '21 at 19:50
-
This should be treated as a Learning Experience. One should never blindly follow a "recipe", without understanding what the actions are, their consequences, and how they will affect your day-to-day process. As for a "fix", NO. That's equivalent to "How can I break into a "CIS hardend" system?". If I knew that, I'd file a bug report with CIS, and get famous, not tell Stack Exchange. Use your physical access to the machine to reinstall. – waltinator Aug 31 '21 at 23:41
-
UTBLT Using Tool Before Learning Tool. – waltinator Aug 31 '21 at 23:59
-
Yes, lesson learnt. CIS hardening made my system as hard as a brick and as useful. Granted, I am not an expert in security, but should such recipes not come with a warning that All accounts might expire with no way out? In the past I have stayed away from changes where similar warnings were put out. – STT Sep 01 '21 at 02:50
1 Answers
0
Same happened for me. Boot into single user mode to access root console, as explained in this answer, then try to reset password using passwd
Lorenz Keel
- 8,905
