UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users must be warned 7 days in advance of password expiration.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38480 RHEL-06-000054 SV-50280r1_rule Low
Description
Setting the password warning age enables users to make the change at a practical time.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-46035r1_chk )
To check the password warning age, run the command:

$ grep PASS_WARN_AGE /etc/login.defs

The DoD requirement is 7.
If it is not set to the required value, this is a finding.
Fix Text (F-43425r1_fix)
To specify how many days prior to password expiration that a warning will be issued to users, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_WARN_AGE [DAYS]

The DoD requirement is 7.