STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: The SLES for vRealize must disable account identifiers of individuals and roles (such as root) after 35 days of inactivity after password expiration.

DISA Rule

SV-99231r1_rule

Vulnerability Number

V-88581

Group Title

SRG-OS-000118-GPOS-00060

Rule Version

VROM-SL-000705

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure SLES for vRealize to disable account identifiers after "35" days of inactivity after the password expiration. Run the following command to change the configuration for useradd:

Replace [VALUE] in the command with any integer from the range 0<[VALUE]<= 35.

# sed -i "s/^.*\bINACTIVE\b.*$/INACTIVE=[VALUE]/" /etc/default/useradd

DoD recommendation is "35" days, but a lower value is acceptable. The value "-1" will disable this feature and "0" will disable the account immediately after the password expires.

Check Contents

Verify SLES for vRealize disables account identifiers after "35" days of inactivity after the password expiration, by performing the following commands:

# grep "INACTIVE" /etc/default/useradd

The output must indicate the "INACTIVE" configuration option is set to an appropriate integer as shown in the example below:

grep "INACTIVE" /etc/default/useradd
INACTIVE=35

If "INACTIVE" is not set to a value 0<[VALUE]<=35, this is a finding.

Vulnerability Number

V-88581

Documentable

False

Rule Version

VROM-SL-000705

Severity Override Guidance

Verify SLES for vRealize disables account identifiers after "35" days of inactivity after the password expiration, by performing the following commands:

# grep "INACTIVE" /etc/default/useradd

The output must indicate the "INACTIVE" configuration option is set to an appropriate integer as shown in the example below:

grep "INACTIVE" /etc/default/useradd
INACTIVE=35

If "INACTIVE" is not set to a value 0<[VALUE]<=35, this is a finding.

Check Content Reference

M

Target Key

3461

Comments