STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

SLES for vRealize must enforce a 60-day maximum password lifetime restriction.

DISA Rule

SV-100231r1_rule

Vulnerability Number

V-89581

Group Title

SRG-OS-000076-GPOS-00044

Rule Version

VRAU-SL-000390

Severity

CAT II

CCI(s)

• CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

10

Fix Recommendation

To configure the SLES for vRealize to enforce a 60-day or less maximum password age, edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days.

# sed -i "/^[^#]*PASS_MAX_DAYS/ c\PASS_MAX_DAYS 60" /etc/login.defs

The DoD requirement is "60" days or less (greater than zero, as zero days will lock the account immediately).

Check Contents

To check that the SLES for vRealize enforces a 60-days or less maximum password age, run the following command:

# grep PASS_MAX_DAYS /etc/login.defs | grep -v "#"

The DoD requirement is "60" days or less (greater than zero, as zero days will lock the account immediately).

If "PASS_MAX_DAYS" is not set to the required value, this is a finding.

Vulnerability Number

V-89581

Documentable

False

Rule Version

VRAU-SL-000390

Severity Override Guidance

To check that the SLES for vRealize enforces a 60-days or less maximum password age, run the following command:

# grep PASS_MAX_DAYS /etc/login.defs | grep -v "#"

The DoD requirement is "60" days or less (greater than zero, as zero days will lock the account immediately).

If "PASS_MAX_DAYS" is not set to the required value, this is a finding.

Check Content Reference

M

Target Key

3459

Comments