
System and Application account passwords must be changed at least annually.


Overview

Finding ID: V-217891
Version: RHEL-06-000055
Rule ID: SV-217891r505923_rule
IA Controls: (none listed)
Severity: Medium
Description
Any password, no matter how complex, can eventually be cracked. Therefore, system and application account passwords need to be changed periodically. If an organization fails to change the system and application account passwords at least annually, there is the risk that the account passwords could be compromised.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2020-09-03

Details

Check Text (C-19372r376688_chk)
Obtain a list of approved system and application accounts from the ISSO.
For each system and application account identified, run the following command:
# chage -l <account_name>
Last password change : Nov 05, 2018
Password expires : Nov 04, 2019
Password inactive : Dec 10, 2019
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 365
Number of days of warning before password expires : 7

If "Maximum number of days between password change" is greater than "365", this is a finding.
If the date of "Last password change" is more than 365 days in the past, this is a finding.
If the date of "Password expires" is more than 365 days after the date of "Last password change", this is a finding.
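
The three conditions above can be evaluated from saved `chage -l` output, as in this added example (it is not part of the STIG text). The function names, the constructed sample, and the handling of "never" and of a missing change date are assumptions of the example.

```python
from datetime import date, datetime

LIMIT = 365  # days, the threshold used in the check text
# Constructed sample: the `chage -l` output shown in the check text.
SAMPLE = """\
Last password change : Nov 05, 2018
Password expires : Nov 04, 2019
Password inactive : Dec 10, 2019
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 365
Number of days of warning before password expires : 7
"""


def parse_chage(text):
    """Map each `chage -l` label to its value (split on the first colon)."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {label.strip(): value.strip() for label, sep, value in pairs if sep}


def to_date(value):
    """Parse 'Nov 05, 2018'; return None for 'never' and other non-dates."""
    try:
        return datetime.strptime(value, "%b %d, %Y").date()
    except ValueError:
        return None


def evaluate(text, today):
    """Return the findings for one account's `chage -l` output."""
    f, found = parse_chage(text), []
    max_days = int(f["Maximum number of days between password change"])
    if max_days > LIMIT:
        found.append("maximum days is %d, greater than %d" % (max_days, LIMIT))
    changed = to_date(f["Last password change"])
    expires = to_date(f["Password expires"])
    if changed is None:
        # Assumption: with no recorded change date the check cannot pass.
        return found + ["no last password change date recorded"]
    if (today - changed).days > LIMIT:
        found.append("last change was %d days ago" % (today - changed).days)
    # Assumption: "never" counts as expiring more than 365 days out.
    if expires is None or (expires - changed).days > LIMIT:
        found.append("expiry is more than %d days after last change" % LIMIT)
    return found

if __name__ == "__main__":
    print(evaluate(SAMPLE, date.today()) or "not a finding")
```

An empty list means none of the three conditions is met for that account on the given date.
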
Fix Text (F-19370r376689_fix)
Set the "Maximum number of days between password change" to "365":
# chage -M 365 <account_name>

Change the password for the system/application account:
# passwd <account_name>