GEN000540 - Users must not be able to change passwords more than once every 24 hours - /etc/shadow

Information

The ability to change passwords frequently facilitates users reusing the same password. This can result in users effectively never changing their passwords. This would be accomplished by users changing their passwords when required and then immediately changing it to the original value.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Edit the /etc/default/passwd file and set the variable 'MINWEEKS' to 1 or greater.
Set the per-user minimum password change times by using the following command on each user account.
# passwd -n <number of days> <accountname>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d), CAT|II, CCI|CCI-000198, Rule-ID|SV-227581r603266_rule, STIG-ID|GEN000540, STIG-Legacy|SV-39809, STIG-Legacy|V-1032, Vuln-ID|V-227581

Plugin: Unix

Control ID: 745666cf9ea19c4db1ceeee7a43db3c54d0d106216528143c2d1c4a97f8010bc