Check: OL6-00-000051
Oracle Linux 6 STIG:
OL6-00-000051
(in versions v2 r7 through v1 r9)
Title
Users must not be able to change passwords more than once every 24 hours. (Cat II impact)
Discussion
Setting the minimum password age protects against users cycling back to a favorite password after satisfying the password reuse requirement.
Check Content
To check the minimum password age, run the command:

    $ grep PASS_MIN_DAYS /etc/login.defs

The DoD requirement is 1. If it is not set to the required value, this is a finding.
Fix Text
To specify password minimum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

    PASS_MIN_DAYS [DAYS]

A value of 1 day is considered sufficient for many environments. The DoD requirement is 1.
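The check command prints every line containing PASS_MIN_DAYS, including commented-out ones, so the output still has to be read by eye. The script below is an added example, not part of the STIG: it evaluates only active lines and reports a finding unless the value is exactly 1. The function names are hypothetical, and it assumes that when the keyword appears more than once the last active line is the one that applies.

```shell
#!/bin/sh
# Added example; function names and the sample file are hypothetical.

# Print the effective PASS_MIN_DAYS from a login.defs-style file.
# Comment lines are skipped; if the keyword is repeated, the last
# active line is used (assumption about how the file is parsed).
effective_pass_min_days() {
    awk '
        /^[[:space:]]*#/ { next }             # skip comment lines
        $1 == "PASS_MIN_DAYS" { val = $2 }    # keep the last active value
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 when the value is exactly 1, non-zero (a finding) otherwise.
check_pass_min_days() {
    file=${1:-/etc/login.defs}
    [ -r "$file" ] || { echo "FINDING: cannot read $file"; return 1; }
    val=$(effective_pass_min_days "$file")
    case "$val" in
        "") echo "FINDING: PASS_MIN_DAYS is not set in $file"; return 1 ;;
        1)  echo "PASS: PASS_MIN_DAYS is 1"; return 0 ;;
        *)  echo "FINDING: PASS_MIN_DAYS is $val, required value is 1"; return 1 ;;
    esac
}

# Constructed sample: a commented-out compliant line, which plain grep
# would also print, followed by the active non-compliant setting.
sample=$(mktemp)
printf '%s\n' '#PASS_MIN_DAYS 1' 'PASS_MAX_DAYS 60' 'PASS_MIN_DAYS 0' > "$sample"
check_pass_min_days "$sample" || true
rm -f "$sample"
```

Called with no argument, `check_pass_min_days` reads /etc/login.defs.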
Additional Identifiers
Rule ID: SV-208827r793612_rule
Vulnerability ID: V-208827
Group Title: SRG-OS-000075
CCIs
Number | Definition |
---|---|
CCI-000198 | The information system enforces minimum password lifetime restrictions. |
Controls
Number | Title |
---|---|
IA-5 (1) | Password-Based Authentication |