Detections
Analytics

1.180 OL08-00-020200

Information

OL 8 user account passwords must have a 60-day maximum password lifetime restriction.

GROUP ID: V-248696
RULE ID: SV-248696r1038967

Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If OL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that OL 8 passwords could be compromised.

Solution

Configure OL 8 to enforce a 60-day maximum password lifetime.

Add or modify the following line in the "/etc/login.defs" file:

PASS_MAX_DAYS 60

See Also

https://workbench.cisecurity.org/benchmarks/23791

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000199, CCI|CCI-004066, Rule-ID|SV-248696r1038967_rule, STIG-ID|OL08-00-020200, Vuln-ID|V-248696

Plugin: Unix

Control ID: c74846317d9fa5faf779e7f3e3184d87d02a9d424c8d4261f45eebc4cdb44f12