Disabling Accounts

OS

If you need to disable an OS user account, you can expire the account using usermod --expiredate 1. For example, to disable the account for user tom:

sudo usermod --expiredate 1 tom

For more information, please see passwd manual by typing man passwd and the usermod manual by typing man usermod.

SOC

If you need to disable an account in Security Onion Console (SOC), you can go to the Administration interface, expand the user account, and click the LOCK USER button.

After disabling a user account, the Administration page will show the disabled user account with a disabled icon in the Status column:

For more information about the Users page, please see the Administration section.