STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

User passwords must be changed at least every 60 days.

DISA Rule

SV-208828r603263_rule

Vulnerability Number

V-208828

Group Title

SRG-OS-000076

Rule Version

OL6-00-000053

Severity

CAT II

CCI(s)

CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

Fix Recommendation

To specify password maximum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_MAX_DAYS [DAYS]

The DoD requirement is 60.

Check Contents

To check the maximum password age, run the command:

$ grep PASS_MAX_DAYS /etc/login.defs

The DoD requirement is 60.
If it is not set to the required value, this is a finding.

Vulnerability Number

V-208828

Documentable

False

Rule Version

OL6-00-000053

Severity Override Guidance

To check the maximum password age, run the command:

$ grep PASS_MAX_DAYS /etc/login.defs

The DoD requirement is 60.
If it is not set to the required value, this is a finding.

Check Content Reference

Target Key

2928

User passwords must be changed at least every 60 days.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments