UCF STIG Viewer Logo

Users must be warned 7 days in advance of password expiration.


Finding ID Version Rule ID IA Controls Severity
V-217890 RHEL-06-000054 SV-217890r505923_rule Low
Setting the password warning age enables users to make the change at a practical time.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19371r376685_chk )
To check the password warning age, run the command:

$ grep PASS_WARN_AGE /etc/login.defs

The DoD requirement is 7.
If it is not set to the required value, this is a finding.
Fix Text (F-19369r376686_fix)
To specify how many days prior to password expiration that a warning will be issued to users, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:


The DoD requirement is 7.