STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must provision temporary user accounts with an expiration time of 72 hours or less.

DISA Rule

SV-219329r610963_rule

Vulnerability Number

V-219329

Group Title

SRG-OS-000002-GPOS-00002

Rule Version

UBTU-18-010449

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If a temporary account must be created configure the system to terminate the account after a 72 hour time period with the following command to set an expiration date on it. Substitute "system_account_name" with the account to be created.

# sudo chage -E $(date -d "+3 days" +%F) system_account_name

Check Contents

Verify the Ubuntu operating system expires temporary user accounts within 72 hours or less.

For every existing temporary account, run the following command to obtain its account expiration information.

# sudo chage -l system_account_name | grep expires

Password expires : Aug 07, 2019
Account expires : Aug 07, 2019

Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any temporary account does not expire within 72 hours of that account's creation, this is a finding.

Vulnerability Number

V-219329

Documentable

False

Rule Version

UBTU-18-010449

Severity Override Guidance

Verify the Ubuntu operating system expires temporary user accounts within 72 hours or less.

For every existing temporary account, run the following command to obtain its account expiration information.

# sudo chage -l system_account_name | grep expires

Password expires : Aug 07, 2019
Account expires : Aug 07, 2019

Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any temporary account does not expire within 72 hours of that account's creation, this is a finding.

Check Content Reference

M

Target Key

4055

Comments