Detections
Analytics

1.267 RHEL-09-411015

Information

RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.

GROUP ID: V-258042
RULE ID: SV-258042r1045133

Any password, no matter how complex, can eventually be cracked; therefore, passwords need to be changed periodically. If RHEL 9 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 9 passwords could be compromised.

Solution

Configure noncompliant accounts to enforce a 60-day maximum password lifetime restriction.

passwd -x 60 [user]

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(1), CAT|II, CCI|CCI-000199, CCI|CCI-004066, Rule-ID|SV-258042r1045133_rule, STIG-ID|RHEL-09-411015, Vuln-ID|V-258042

Plugin: Unix

Control ID: d6ece80f443eb149d53a79a02d95e39e5d80282a5d65fd355aaf8e872593424e