RHEL-06-000055 - System and Application account passwords must be changed at least annually.

Information

Any password, no matter how complex, can eventually be cracked. Therefore, system and application account passwords need to be changed periodically. If an organization fails to change the system and application account passwords at least annually, there is the risk that the account passwords could be compromised.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Set the 'Maximum number of days between password change' to '365':
# chage -M 365 <application_account>

Change the password for the system/application account:
# passwd <application_account>
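
An added example, not part of the STIG or the Nessus audit: one way to find accounts that still need the fix above, by reading shadow(5)-format records and flagging a maximum age that is unset or above 365 (the field 'chage -M' writes) or a password last changed more than 365 days ago. The function names, reason strings and sample records are constructed for illustration.

```shell
#!/bin/sh
# Audit shadow(5)-format records against a 365-day maximum password age.
# Fields used: 1 = account, 2 = password hash,
#              3 = last change (days since 1970-01-01),
#              5 = maximum days between changes (set by `chage -M`).

MAX_DAYS=365

# check_shadow_aging TODAY_IN_DAYS   (shadow-format records on stdin)
# Prints "account:reason" for each account that violates the policy.
check_shadow_aging() {
    awk -F: -v max="$MAX_DAYS" -v today="$1" '
        # Locked/no-login entries, or an empty password field
        # (a separate finding), are outside this check.
        $2 == "" || $2 ~ /^[!*]/ { next }
        # Maximum age missing or larger than the policy allows.
        $5 == "" || $5 + 0 > max { print $1 ":max_days_not_enforced"; next }
        # No recorded change date: the age cannot be established.
        $3 == ""                 { print $1 ":last_change_unset"; next }
        # 0 means a change is forced at next login; nothing to flag.
        $3 + 0 == 0              { next }
        # Limit is set, but the current password is already too old.
        today - $3 > max         { print $1 ":password_older_than_" max "_days" }
    '
}

# Constructed sample records (hashes are placeholders, not real values).
sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hash:19900:0:99999:7:::
appsvc:$6$constructed$hash:19900:0:365:7:::
oldsvc:$6$constructed$hash:19500:0:365:7:::
daemon:*:15000:0:99999:7:::
batch:$6$constructed$hash::0:365:7:::
EOF
}

# Demonstration on the sample, with "today" fixed at day 20000.
sample_shadow | check_shadow_aging 20000

# Against a live system (as root), the equivalent call would be:
#   check_shadow_aging "$(( $(date +%s) / 86400 ))" < /etc/shadow
```

Each flagged account is a candidate for the 'chage -M 365' and 'passwd' steps above.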

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d), CAT|II, CCI|CCI-000199, Rule-ID|SV-217891r603264_rule, STIG-ID|RHEL-06-000055, STIG-Legacy|SV-102359, STIG-Legacy|V-92257, Vuln-ID|V-217891

Plugin: Unix

Control ID: 377182baba9cc8778c581f6af06822eb70a033fd439aeb8fdadea5ce9017ea92