5.4.1.4 Ensure inactive password lock is 30 days or less - useradd

Information

Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.

Solution

Run the following command to set the default password inactivity period to 30 days: # useradd -D -f 30

Modify user parameters for all users with a password set to match: # chage --inactive 30 <user>

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(3), CSCv6|16.1, CSCv6|16.6

Plugin: Unix

Control ID: 80ca23e28f3c112e539a7a7b6aa813211af458bed7ee8c51e2a83c2b8d330dff