[Forgot Password]
Login  Register Subscribe

24437

 
 

132035

 
 

118989

 
 

909

 
 

93902

 
 

143

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91246-9

Platform: ubuntu14.04Date: (C)2017-03-14   (M)2019-02-28



Set Password Expiration Days (Scored) The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 90 days.


Parameter:


Technical Mechanism: The window of opportunity for an attacker to leverage compromised credentials or successfully compromise credentials via an online brute force attack is limited by the age of the password. Therefore, reducing the maximum age of a password also reduces an attacker's window of opportunity. Fix: Set the PASS_MAX_DAYS parameter to 90 in /etc/login.defs: PASS_MAX_DAYS 90 Modify active user parameters to match: # chage --maxdays 90 <user>

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:33944


OVAL    1
oval:org.secpod.oval:def:33944
XCCDF    2
xccdf_org.secpod_benchmark_general_Ubuntu_14_04
xccdf_org.secpod_benchmark_SecPod_Ubuntu_14_04

© SecPod Technologies