Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Pluggable Authentication Module (PAM) must prohibit the use of cached authentications after one day.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75553 | UBTU-16-010690 | SV-90233r2_rule | Medium |
| Description |
|---|
| If cached authentication information is out-of-date, the validity of the authentication information may be questionable. |
| STIG | Date |
|---|---|
| Canonical Ubuntu 16.04 Security Technical Implementation Guide | 2019-12-23 |
Details
| Check Text ( C-75257r2_chk ) |
|---|
| Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. Note: If smart card authentication is not being used on the system this item is Not Applicable. Check that PAM prohibits the use of cached authentications after one day with the following command: # sudo grep -i "timestamp_timeout" /etc/pam.d/* timestamp_timeout=86400 If "timestamp_timeout" is not set to a value of "86400" or less, or is commented out, this is a finding. |
| Fix Text (F-82181r2_fix) |
|---|
| Configure Pluggable Authentication Module (PAM) to prohibit the use of cached authentications after one day. Add or change the following line in "/etc/pam.d/common-auth" or "/etc/pam.d/common-session" just below the line "[pam]". timestamp_timeout = 86400 |