7.5 Lock Inactive User Accounts - INACTIVE=35

Information

Guidelines published by the U.S. Department of Defense specify that user accounts must be locked out after 35 days of inactivity. This number may vary based on the particular site's policy.

Rationale:

Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.

Solution

Run the following command to set the default password inactivity period to 35 days:

# useradd -D -f 35

Default Value:

OS Default: No

See Also

https://workbench.cisecurity.org/files/3096