UCF STIG Viewer Logo

Users must be warned 7 days in advance of password expiration.


Finding ID Version Rule ID IA Controls Severity
V-38480 RHEL-06-000054 SV-50280r1_rule Low
Setting the password warning age enables users to make the change at a practical time.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26


Check Text ( C-46035r1_chk )
To check the password warning age, run the command:

$ grep PASS_WARN_AGE /etc/login.defs

The DoD requirement is 7.
If it is not set to the required value, this is a finding.
Fix Text (F-43425r1_fix)
To specify how many days prior to password expiration that a warning will be issued to users, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:


The DoD requirement is 7.