UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must automatically terminate temporary accounts within 72 hours.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47949 SOL-11.1-040020 SV-60821r1_rule Low
Description
If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation. Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation. If temporary accounts are used, the operating system must be configured to automatically terminate these types of accounts after a DoD-defined time period of 72 hours. When temporary and emergency accounts are created, there is a risk the temporary account may remain in place and active after the need for the account no longer exists. To address this, in the event temporary accounts are required, accounts designated as temporary in nature must be automatically terminated after 72 hours. Such a process and capability greatly reduces the risk of accounts being misused, hijacked, or data compromised.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2015-04-03

Details

Check Text ( C-50385r1_chk )
The root role is required.

Determine if an expiration date is set for temporary accounts.

# logins -aox |awk -F: '($14 == "0") {print}'

This command produces a list of accounts with no expiration date set. If any of these accounts are temporary accounts, this is a finding.

# logins -aox |awk -F: '($14 != "0") {print}'

This command produces a list of accounts with an expiration date set as defined in the last field. If any accounts have a date that is not within 72 hours, this is a finding.
Fix Text (F-51561r1_fix)
The User Security role is required.

Apply an expiration date to temporary users.

# pfexec usermod -e "[date]" [username]

Enter the date in the form mm/dd/yyyy such that it is within 72 hours.