STIGQter STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Emergency accounts must be provisioned with an expiration date.

DISA Rule

SV-209028r603263_rule

Vulnerability Number

V-209028

Group Title

SRG-OS-000123

Rule Version

OL6-00-000298

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

In the event emergency accounts are required, configure the system to terminate them after a documented time period.

For every emergency account, run the following command to set an expiration date on it, substituting "[USER]" and "[YYYY-MM-DD]" appropriately:

# chage -E [YYYY-MM-DD] [USER]

"[YYYY-MM-DD]" indicates the documented expiration date for the account.

Check Contents

For every emergency account, run the following command to obtain its account aging and expiration information:

# chage -l [USER]

Verify each of these accounts has an expiration date set as documented.

If any emergency accounts have no expiration date set or do not expire within a documented time frame, this is a finding.

Vulnerability Number

V-209028

Documentable

False

Rule Version

OL6-00-000298

Severity Override Guidance

For every emergency account, run the following command to obtain its account aging and expiration information:

# chage -l [USER]

Verify each of these accounts has an expiration date set as documented.

If any emergency accounts have no expiration date set or do not expire within a documented time frame, this is a finding.

Check Content Reference

M

Target Key

2928

Comments