Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-208828 | OL6-00-000053 | SV-208828r505921_rule | Medium |
Description |
---|
Setting the password maximum age ensures users are required to periodically change their passwords. This could possibly decrease the utility of a stolen password. Requiring shorter password lifetimes increases the risk of users writing down the password in a convenient location subject to physical compromise. |
STIG | Date |
---|---|
Oracle Linux 6 Security Technical Implementation Guide | 2020-09-10 |
Check Text ( C-9081r357464_chk ) |
---|
To check the maximum password age, run the command: $ grep PASS_MAX_DAYS /etc/login.defs The DoD requirement is 60. If it is not set to the required value, this is a finding. |
Fix Text (F-9081r357465_fix) |
---|
To specify password maximum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately: PASS_MAX_DAYS [DAYS] The DoD requirement is 60. |