UCF STIG Viewer Logo

User passwords must be changed at least every 60 days.


Finding ID Version Rule ID IA Controls Severity
V-217889 RHEL-06-000053 SV-217889r505923_rule Medium
Setting the password maximum age ensures users are required to periodically change their passwords. This could possibly decrease the utility of a stolen password. Requiring shorter password lifetimes increases the risk of users writing down the password in a convenient location subject to physical compromise.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19370r376682_chk )
To check the maximum password age, run the command:

$ grep PASS_MAX_DAYS /etc/login.defs

The DoD requirement is 60.
If it is not set to the required value, this is a finding.
Fix Text (F-19368r376683_fix)
To specify password maximum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:


The DoD requirement is 60.