Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-47953 | SOL-11.1-040030 | SV-60825r2_rule | Medium |
Description |
---|
Passwords need to be changed at specific policy-based intervals; however, if the information system or application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of time, defeating the organization's policy regarding password reuse. |
STIG | Date |
---|---|
Solaris 11 X86 Security Technical Implementation Guide | 2016-06-29 |
Check Text ( C-50389r3_chk ) |
---|
The root role is required. Check whether the minimum time period between password changes for each user account is 1 day or greater. # awk -F: '$4 < 1 {print $1}' /etc/shadow If any results are returned that are not associated with a system account, this is a finding. Check that /etc/default/password is configured to minimum password change time of 1 week. # grep "^MINWEEKS=" /etc/default/passwd If the command does not report MINWEEKS=1, this is a finding. |
Fix Text (F-51565r1_fix) |
---|
The root role is required. # pfedit /etc/default/passwd file. Locate the line containing: MINWEEKS Change the line to read: MINWEEKS=1 Set the per-user minimum password change times by using the following command on each user account. # passwd -n [number of days] [accountname] |