Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SLEM 5 must never automatically remove or disable emergency administrator accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-261356 | SLEM-05-411050 | SV-261356r996518_rule | Medium |
| Description |
|---|
| Emergency administrator accounts, also known as "last resort" or "break glass" accounts, are local logon accounts enabled on the system for emergency use by authorized system administrators to manage a system when standard logon methods are failing or not available. Emergency accounts are not subject to manual removal or scheduled expiration requirements. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide | 2024-06-04 |
Details
| Check Text ( C-65085r996517_chk ) |
|---|
| Verify SLEM 5 is configured such that emergency administrator accounts are never automatically removed or disabled with the following command: Note: Root is typically the "account of last resort" on a system and is also used as the example emergency administrator account. If another account is being used as the emergency administrator account, the command should be used against that account. > sudo chage -l Password expires: never Account expires: never If "Password expires" or "Account expires" is set to anything other than "never", this is a finding. |
| Fix Text (F-64993r995934_fix) |
|---|
| Configure SLEM 5 to never automatically remove or disable emergency administrator accounts. > sudo chage -I -1 -M 99999 |