Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40492 | GEN000000-HPUX0450 | SV-52481r1_rule | ECSC-1 | Medium |
Description |
---|
Password aging attributes are stored in /etc/default/security and /etc/shadow. Anytime a password aging policy is changed, policy requirements are updated in /etc/default/security. If the system is allowed to override or ignore updates made to /etc/default/security, deprecated password aging policies will remain intact and never enforce newer requirements. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2017-12-08 |
Check Text ( C-47028r1_chk ) |
---|
For Trusted Mode: If the system is operating in Trusted Mode, this check is not applicable. For SMSE: Check the OVERRIDE_SYSDEF_PWAGE attribute setting. # grep OVERRIDE_SYSDEF_PWAGE /etc/default/security If the OVERRIDE_SYSDEF_PWAGE attribute is missing or not set to 0, this is a finding. |
Fix Text (F-45441r1_fix) |
---|
If the system is operating in Trusted Mode, no fix is required. For SMSE: Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file. Use the SAM/SMH interface (/etc/default/security file) to update the OVERRIDE_SYSDEF_PWAGE attribute. See the below example: OVERRIDE_SYSDEF_PWAGE=0 Note: If manually editing the /etc/default/security file, save any change(s) before exiting the editor. |