[Forgot Password]
Login  Register Subscribe

24547

 
 

132176

 
 

122448

 
 

909

 
 

100914

 
 

148

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91246-9

Platform: ubuntu14.04Date: (C)2017-03-14   (M)2019-04-16



Set Password Expiration Days (Scored) The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 90 days.


Parameter:


Technical Mechanism: The window of opportunity for an attacker to leverage compromised credentials or successfully compromise credentials via an online brute force attack is limited by the age of the password. Therefore, reducing the maximum age of a password also reduces an attacker's window of opportunity. Fix: Set the PASS_MAX_DAYS parameter to 90 in /etc/login.defs: PASS_MAX_DAYS 90 Modify active user parameters to match: # chage --maxdays 90 <user>

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:33944


OVAL    1
oval:org.secpod.oval:def:33944
XCCDF    2
xccdf_org.secpod_benchmark_SecPod_Ubuntu_14_04
xccdf_org.secpod_benchmark_general_Ubuntu_14_04

© SecPod Technologies