UCF STIG Viewer Logo

Users must not be able to change passwords more than once every 24 hours.


Finding ID Version Rule ID IA Controls Severity
V-217888 RHEL-06-000051 SV-217888r505923_rule Medium
Setting the minimum password age protects against users cycling back to a favorite password after satisfying the password reuse requirement.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19369r376679_chk )
To check the minimum password age, run the command:

$ grep PASS_MIN_DAYS /etc/login.defs

The DoD requirement is 1.
If it is not set to the required value, this is a finding.
Fix Text (F-19367r376680_fix)
To specify password minimum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:


A value of 1 day is considered sufficient for many environments. The DoD requirement is 1.