SLEM 5 must never automatically remove or disable emergency administrator accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-261356 | SLEM-05-411050 | SV-261356r996518_rule | CCI-001682 | medium |
| Description | ||||
| Emergency administrator accounts, also known as "last resort" or "break glass" accounts, are local logon accounts enabled on the system for emergency use by authorized system administrators to manage a system when standard logon methods are failing or not available. Emergency accounts are not subject to manual removal or scheduled expiration requirements. | ||||
| STIG | Date | |||
| SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide | 2025-05-08 | |||
Details
Check Text (C-261356r996518_chk)
Verify SLEM 5 is configured such that emergency administrator accounts are never automatically removed or disabled with the following command:
Note: Root is typically the "account of last resort" on a system and is also used as the example emergency administrator account. If another account is being used as the emergency administrator account, the command should be used against that account.
> sudo chage -l <emergency_administrator_account_name> | grep -E '(Password|Account) expires'
Password expires: never
Account expires: never
If "Password expires" or "Account expires" is set to anything other than "never", this is a finding.
Fix Text (F-64993r995934_fix)
Configure SLEM 5 to never automatically remove or disable emergency administrator accounts.
> sudo chage -I -1 -M 99999 <emergency_administrator_account_name>