STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must automatically remove or disable temporary user accounts after 72 hours.

DISA Rule

SV-99005r1_rule

Vulnerability Number

V-88355

Group Title

SRG-OS-000002-GPOS-00002

Rule Version

VROM-SL-000010

Severity

CAT II

CCI(s)

• CCI-000016 - The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account.

Weight

10

Fix Recommendation

In the event temporary accounts are required, configure the system to terminate them after "72" hours. For every temporary account, run the following command to set an expiration date on it, substituting "system_account_name" for the appropriate value.

# chage -E `date -d "+3 days" +%Y-%m-%d` system_account_name

`date -d "+3 days" +%Y-%m-%d` gets the expiration date for the account at the time of running the command.

Check Contents

For every existing temporary account, run the following command to obtain its account expiration information.

# chage -l system_account_name

Verify each of these accounts has an expiration date set within "72" hours.

If any temporary accounts have no expiration date set or do not expire within "72" hours, this is a finding.

Vulnerability Number

V-88355

Documentable

False

Rule Version

VROM-SL-000010

Severity Override Guidance

For every existing temporary account, run the following command to obtain its account expiration information.

# chage -l system_account_name

Verify each of these accounts has an expiration date set within "72" hours.

If any temporary accounts have no expiration date set or do not expire within "72" hours, this is a finding.

Check Content Reference

M

Target Key

3461

Comments