STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Temporary accounts must be provisioned with an expiration date.

DISA Rule

SV-209027r603263_rule

Vulnerability Number

V-209027

Group Title

SRG-OS-000002

Rule Version

OL6-00-000297

Severity

CAT III

CCI(s)

• CCI-000016 - The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account.

Weight

10

Fix Recommendation

In the event temporary accounts are required, configure the system to terminate them after a documented time period.

For every temporary account, run the following command to set an expiration date on it, substituting "[USER]" and "[YYYY-MM-DD]" appropriately:

# chage -E [YYYY-MM-DD] [USER]

"[YYYY-MM-DD]" indicates the documented expiration date for the account.

Check Contents

For every temporary account, run the following command to obtain its account aging and expiration information:

# chage -l [USER]

Verify each of these accounts has an expiration date set as documented.

If any temporary accounts have no expiration date set or do not expire within a documented time frame, this is a finding.

Vulnerability Number

V-209027

Documentable

False

Rule Version

OL6-00-000297

Severity Override Guidance

For every temporary account, run the following command to obtain its account aging and expiration information:

# chage -l [USER]

Verify each of these accounts has an expiration date set as documented.

If any temporary accounts have no expiration date set or do not expire within a documented time frame, this is a finding.

Check Content Reference

M

Target Key

2928

Comments