InformationUser accounts that have been inactive for over a given period of time can be automatically disabled. It is recommended that accounts that are inactive for 30 days after password expiration be disabled.
Note: A value of -1 would disable this setting.
Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
SolutionRun the following command to set the default password inactivity period to 30 days:
# useradd -D -f 30
Modify user parameters for all users with a password set to match:
# chage --inactive 30 <user>
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|16.9
Control ID: 141bfaae22882b40dba1b603c5fd06f62a65b67911877586e30246646cba51dd