STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.

DISA Rule

SV-234871r622137_rule

Vulnerability Number

V-234871

Group Title

SRG-OS-000118-GPOS-00060

Rule Version

SLES-15-020050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to disable account identifiers after 35 days of inactivity after the password expiration.

Run the following command to change the configuration for "useradd" to disable the account identifier after "35" days:

> sudo useradd -D -f 35

DoD recommendation is "35" days, but a lower value greater than "0" is acceptable.

Check Contents

Verify the SUSE operating system disables account identifiers after 35 days of inactivity after the password expiration

Check the account inactivity value by performing the following command:

> sudo grep -i '^inactive' /etc/default/useradd

INACTIVE=35

If no output is produced, or if "INACTIVE" is not set to a value greater than "0" and less than or equal to "35", this is a finding.

Vulnerability Number

V-234871

Documentable

False

Rule Version

SLES-15-020050

Severity Override Guidance

Verify the SUSE operating system disables account identifiers after 35 days of inactivity after the password expiration

Check the account inactivity value by performing the following command:

> sudo grep -i '^inactive' /etc/default/useradd

INACTIVE=35

If no output is produced, or if "INACTIVE" is not set to a value greater than "0" and less than or equal to "35", this is a finding.

Check Content Reference

M

Target Key

5274

Comments