Detections
Analytics
AZLX-23-002415 - Amazon Linux 2023 must automatically remove or disable temporary user accounts after 72 hours.
Information
If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure Amazon Linux 2023 temporary accounts to have an expiration date of 72 hours.If a temporary account must be created configure the system to terminate the account after a 72 hour time period with the following command to set an expiration date on it. Substitute "system_account_name" with the account to be created.
$ sudo chage -E $(date -d +3days +%Y-%m-%d) system_account_name
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip
Item Details
Audit Name: DISA Amazon Linux 2023 STIG v1r2
Category: ACCESS CONTROL
References: 800-53|AC-2(2), CAT|II, CCI|CCI-000016, Rule-ID|SV-274146r1120426_rule, STIG-ID|AZLX-23-002415, Vuln-ID|V-274146
Plugin: Unix
Control ID: 81fc1afb2950c888120babf1218876219ad6fc84882b426d6e377707a285000c