UCF STIG Viewer Logo

Users must be warned 7 days in advance of password expiration.


Overview

Finding ID Version Rule ID IA Controls Severity
V-217890 RHEL-06-000054 SV-217890r505923_rule Low
Description
Setting the password warning age enables users to make the change at a practical time.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03

Details

Check Text ( C-19371r376685_chk )
To check the password warning age, run the command:

$ grep PASS_WARN_AGE /etc/login.defs

The DoD requirement is 7.
If it is not set to the required value, this is a finding.
Fix Text (F-19369r376686_fix)
To specify how many days prior to password expiration that a warning will be issued to users, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_WARN_AGE [DAYS]

The DoD requirement is 7.