STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must automatically remove or disable emergency accounts after 72 hours.

DISA Rule

SV-219327r610963_rule

Vulnerability Number

V-219327

Group Title

SRG-OS-000123-GPOS-00064

Rule Version

UBTU-18-010447

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If an emergency account must be created, configure the system to terminate the account after a 72 hour time period with the following command to set an expiration date on it. Substitute "account_name" with the account to be created.

# sudo chage -E $(date -d "+3 days" +%F) account_name

Check Contents

Verify the Ubuntu operating system expires emergency accounts within 72 hours or less.
For every emergency account, run the following command to obtain its account expiration information.

# sudo chage -l account_name | grep expires

Password expires : Aug 07, 2019
Account expires : Aug 07, 2019

Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any of these accounts do not expire within 72 hours of that account's creation, this is a finding.

Vulnerability Number

V-219327

Documentable

False

Rule Version

UBTU-18-010447

Severity Override Guidance

Verify the Ubuntu operating system expires emergency accounts within 72 hours or less.
For every emergency account, run the following command to obtain its account expiration information.

# sudo chage -l account_name | grep expires

Password expires : Aug 07, 2019
Account expires : Aug 07, 2019

Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any of these accounts do not expire within 72 hours of that account's creation, this is a finding.

Check Content Reference

M

Target Key

4055

Comments