UCF STIG Viewer Logo

User passwords must be changed at least every 60 days.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38479 RHEL-06-000053 SV-50279r1_rule Medium
Description
Setting the password maximum age ensures users are required to periodically change their passwords. This could possibly decrease the utility of a stolen password. Requiring shorter password lifetimes increases the risk of users writing down the password in a convenient location subject to physical compromise.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46034r1_chk )
To check the maximum password age, run the command:

$ grep PASS_MAX_DAYS /etc/login.defs

The DoD requirement is 60.
If it is not set to the required value, this is a finding.
Fix Text (F-43424r1_fix)
To specify password maximum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_MAX_DAYS [DAYS]

The DoD requirement is 60.