STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

SLES for vRealize must enforce a 60-day maximum password lifetime restriction.

DISA Rule

SV-99119r1_rule

Vulnerability Number

V-88469

Group Title

SRG-OS-000076-GPOS-00044

Rule Version

VROM-SL-000385

Severity

CAT II

CCI(s)

• CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

10

Fix Recommendation

To configure SLES for vRealize to enforce a "60" day or less maximum password age, edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days.

# sed -i "/^[^#]*PASS_MAX_DAYS/ c\PASS_MAX_DAYS 60" /etc/login.defs

The DoD requirement is "60" days or less (Greater than zero, as zero days will lock the account immediately).

Check Contents

To check that SLES for vRealize enforces a "60" days or less maximum password age, run the following command:

# grep PASS_MAX_DAYS /etc/login.defs | grep -v "#"

The DoD requirement is "60" days or less (Greater than zero, as zero days will lock the account immediately).

If "PASS_MAX_DAYS" is not set to the required value, this is a finding.

Vulnerability Number

V-88469

Documentable

False

Rule Version

VROM-SL-000385

Severity Override Guidance

To check that SLES for vRealize enforces a "60" days or less maximum password age, run the following command:

# grep PASS_MAX_DAYS /etc/login.defs | grep -v "#"

The DoD requirement is "60" days or less (Greater than zero, as zero days will lock the account immediately).

If "PASS_MAX_DAYS" is not set to the required value, this is a finding.

Check Content Reference

M

Target Key

3461

Comments