Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48083 | SOL-11.1-040290 | SV-60955r1_rule | Medium |
Description |
---|
Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies. |
STIG | Date |
---|---|
Solaris 11 X86 Security Technical Implementation Guide | 2015-04-03 |
Check Text ( C-50515r1_chk ) |
---|
Determine whether the 35-day inactivity lock is configured properly. # useradd -D | xargs -n 1 | grep inactive |\ awk -F= '{ print $2 }' If the command returns a result other than 35, this is a finding. The root role is required for the "logins" command. For each configured user name and role name on the system, determine whether a 35-day inactivity period is configured. Replace [username] with an actual user name or role name. # logins -axo -l [username] | awk -F: '{ print $13 }' If these commands provide output other than 35, this is a finding. |
Fix Text (F-51691r1_fix) |
---|
The root role is required. Perform the following to implement the recommended state: # useradd -D -f 35 To set this policy on a user account, use the command(s): # usermod -f 35 [username] To set this policy on a role account, use the command(s): # rolemod -f 35 [name] |