STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must never automatically remove or disable emergency administrator accounts.

DISA Rule

SV-217135r603262_rule

Vulnerability Number

V-217135

Group Title

SRG-OS-000123-GPOS-00064

Rule Version

SLES-12-010330

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to never automatically remove or disable emergency administrator accounts.

Replace "[Emergency_Administrator]" in the following command with the correct emergency administrator account. Run the following command as an administrator:

# sudo chage -I -1 -M 99999 [Emergency_Administrator]

Check Contents

Verify the SUSE operating system is configured such that emergency administrator accounts are never automatically removed or disabled.

Note: Root is typically the "account of last resort" on a system and is also used as the example emergency administrator account. If another account is being used as the emergency administrator account, the command should be used against that account.

Check to see if the root account password or account expires with the following command:

# sudo chage -l [Emergency_Administrator]

Password expires:never

If "Password expires" or "Account expires" is set to anything other than "never", this is a finding.

Vulnerability Number

V-217135

Documentable

False

Rule Version

SLES-12-010330

Severity Override Guidance

Verify the SUSE operating system is configured such that emergency administrator accounts are never automatically removed or disabled.

Note: Root is typically the "account of last resort" on a system and is also used as the example emergency administrator account. If another account is being used as the emergency administrator account, the command should be used against that account.

Check to see if the root account password or account expires with the following command:

# sudo chage -l [Emergency_Administrator]

Password expires:never

If "Password expires" or "Account expires" is set to anything other than "never", this is a finding.

Check Content Reference

M

Target Key

4033

Comments