UCF STIG Viewer Logo

The Ubuntu operating system must automatically remove or disable emergency accounts after 72 hours.


Overview

Finding ID Version Rule ID IA Controls Severity
V-219327 UBTU-18-010447 SV-219327r610963_rule Low
Description
Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by the organization's system administrators when network or normal logon/access is not available). Infrequently used accounts are not subject to automatic termination dates. Emergency accounts are accounts created in response to crisis situations, usually for use by maintenance personnel. The automatic expiration or disabling time period may be extended as needed until the crisis is resolved; however, it must not be extended indefinitely. A permanent account should be established for privileged users who need long-term maintenance accounts.
STIG Date
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide 2022-12-06

Details

Check Text ( C-21052r305309_chk )
Verify the Ubuntu operating system expires emergency accounts within 72 hours or less.
For every emergency account, run the following command to obtain its account expiration information.

# sudo chage -l account_name | grep expires

Password expires : Aug 07, 2019
Account expires : Aug 07, 2019

Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any of these accounts do not expire within 72 hours of that account's creation, this is a finding.
Fix Text (F-21051r305310_fix)
If an emergency account must be created, configure the system to terminate the account after a 72 hour time period with the following command to set an expiration date on it. Substitute "account_name" with the account to be created.

# sudo chage -E $(date -d "+3 days" +%F) account_name