SV-216322r603267_rule
V-216322
SRG-OS-000002
SOL-11.1-040020
CAT III
10
The User Security role is required.
Apply an expiration date to temporary users.
# pfexec usermod -e "[date]" [username]
Enter the date in the form mm/dd/yyyy such that it is within 72 hours.
The root role is required.
Determine if an expiration date is set for temporary accounts.
# logins -aox |awk -F: '($14 == "0") {print}'
This command produces a list of accounts with no expiration date set. If any of these accounts are temporary accounts, this is a finding.
# logins -aox |awk -F: '($14 != "0") {print}'
This command produces a list of accounts with an expiration date set as defined in the last field. If any accounts have a date that is not within 72 hours, this is a finding.
V-216322
False
SOL-11.1-040020
The root role is required.
Determine if an expiration date is set for temporary accounts.
# logins -aox |awk -F: '($14 == "0") {print}'
This command produces a list of accounts with no expiration date set. If any of these accounts are temporary accounts, this is a finding.
# logins -aox |awk -F: '($14 != "0") {print}'
This command produces a list of accounts with an expiration date set as defined in the last field. If any accounts have a date that is not within 72 hours, this is a finding.
M
4022