STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.

DISA Rule

SV-217131r646704_rule

Vulnerability Number

V-217131

Group Title

SRG-OS-000076-GPOS-00044

Rule Version

SLES-12-010290

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to enforce a maximum password age of each [USER] account to 60 days. The command in the check text will give a list of users that need to be updated to be in compliance:

> sudo passwd -x 60 [USER]

The DoD requirement is 60 days.

Check Contents

Verify that the SUSE operating system enforces a maximum user password age of 60 days or less.

Check that the SUSE operating system enforces 60 days or less as the maximum user password age with the following command:

> sudo awk -F: '$5 > 60 || $5 == "" {print $1 ":" $5}' /etc/shadow

If any results are returned that are not associated with a system account, this is a finding.

Vulnerability Number

V-217131

Documentable

False

Rule Version

SLES-12-010290

Severity Override Guidance

Verify that the SUSE operating system enforces a maximum user password age of 60 days or less.

Check that the SUSE operating system enforces 60 days or less as the maximum user password age with the following command:

> sudo awk -F: '$5 > 60 || $5 == "" {print $1 ":" $5}' /etc/shadow

If any results are returned that are not associated with a system account, this is a finding.

Check Content Reference

M

Target Key

4033

Comments