10.5 Lock Inactive User Accounts

Information

User accounts that have been inactive for over a given period of time can be automatically disabled. It is recommended that accounts that are inactive for 35 or more days be disabled.
Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.

Solution

useradd -D -f 35

See Also

https://workbench.cisecurity.org/files/91