STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours.

DISA Rule

SV-100115r1_rule

Vulnerability Number

V-89465

Group Title

SRG-OS-000002-GPOS-00002

Rule Version

VRAU-SL-000010

Severity

CAT II

CCI(s)

• CCI-000016 - The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account.

Weight

10

Fix Recommendation

In the event temporary accounts are required, configure the system to terminate them after a 72-hour time period. For every temporary account, run the following command to set an expiration date on it, substituting "system_account_name" to the appropriate value:

# chage -E `date -d "+3 days" +%Y-%m-%d` system_account_name

`date -d "+3 days" +%Y-%m-%d` gets the "72" expiration date for the account at the time of running the command.

Check Contents

For every existing temporary account, run the following command to obtain its account expiration information:

# chage -l system_account_name

Verify each of these accounts has an expiration date set within "72" hours.

If any temporary accounts have no expiration date set or do not expire within "72" hours, this is a finding.

Vulnerability Number

V-89465

Documentable

False

Rule Version

VRAU-SL-000010

Severity Override Guidance

For every existing temporary account, run the following command to obtain its account expiration information:

# chage -l system_account_name

Verify each of these accounts has an expiration date set within "72" hours.

If any temporary accounts have no expiration date set or do not expire within "72" hours, this is a finding.

Check Content Reference

M

Target Key

3459

Comments