Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Temporary and emergency accounts must be provisioned with an expiration date.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| RHEL-06-000297 | RHEL-06-000297 | RHEL-06-000297_rule | Low |
| Description |
|---|
| When temporary and emergency accounts are created, there is a risk they may remain in place and active after the need for them no longer exists. Account expiration greatly reduces the risk of accounts being misused or hijacked. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-02-05 |
Details
| Check Text ( C-RHEL-06-000297_chk ) |
|---|
| For every temporary and emergency account, run the following command to obtain its account aging and expiration information: # chage -l [USER] Verify each of these accounts has an expiration date set as documented. If any temporary or emergency accounts have no expiration date set or do not expire within a documented time frame, this is a finding. |
| Fix Text (F-RHEL-06-000297_fix) |
|---|
| In the event temporary or emergency accounts are required, configure the system to terminate them after a documented time period. For every temporary and emergency account, run the following command to set an expiration date on it, substituting "[USER]" and "[YYYY-MM-DD]" appropriately: # chage -E [YYYY-MM-DD USER] "[YYYY-MM-DD]" indicates the documented expiration date for the account. |