nss.nologin.shell

This configuration parameter enables you to specify one or more non-login shells for audited users. In most cases, when audited users log on, they are placed in a wrapper shell so that their activity can be captured and sent to a collector. To use a real shell instead of the wrapper shell, you can specify shells to be non-login shells for audited users to access. After you set this parameter, you should restart the auditing service (dad).

For example, to define the shells /sbin/shell_test1 and /bin/shell_test2 as a non-login shells, you would type:

nss.nologin.shell: /sbin/shell_test1 /bin/shell_test2

If this parameter is not configured, the default no-login shells /sbin/nologin and /bin/false are used.