UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Emergency accounts must be locked after 35 days of inactivity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48085 SOL-11.1-040300 SV-60957r1_rule Medium
Description
Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
STIG Date
Solaris 11 X86 Security Technical Implementation Guide 2019-09-24

Details

Check Text ( C-50517r1_chk )
Determine whether the 35-day inactivity lock is configured properly.

# useradd -D | xargs -n 1 | grep inactive |\
awk -F= '{ print $2 }'

If the command returns a result other than 35, this is a finding.

The root role is required for the "logins" command.

For each configured user name and role name on the system, determine whether a 35-day inactivity period is configured. Replace [username] with an actual user name or role name.

# logins -axo -l [username] | awk -F: '{ print $13 }'


If these commands provide output other than 35, this is a finding.
Fix Text (F-51693r1_fix)
The root role is required.

Perform the following to implement the recommended state:

# useradd -D -f 35

To set this policy on a user account, use the command(s):

# usermod -f 35 [username]

To set this policy on a role account, use the command(s):

# rolemod -f 35 [name]