Check: RHEL-06-000298
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000298
(in versions v2 r2 through v1 r14)
Title
Emergency accounts must be provisioned with an expiration date. (Cat III impact)
Discussion
When emergency accounts are created, there is a risk they may remain in place and active after the need for them no longer exists. Account expiration greatly reduces the risk of accounts being misused or hijacked.
Check Content
For every emergency account, run the following command to obtain its account aging and expiration information: # chage -l [USER] Verify each of these accounts has an expiration date set as documented. If any emergency accounts have no expiration date set or do not expire within a documented time frame, this is a finding.
Fix Text
In the event emergency accounts are required, configure the system to terminate them after a documented time period. For every emergency account, run the following command to set an expiration date on it, substituting "[USER]" and "[YYYY-MM-DD]" appropriately: # chage -E [YYYY-MM-DD] [USER] "[YYYY-MM-DD]" indicates the documented expiration date for the account.
Additional Identifiers
Rule ID: SV-218046r603264_rule
Vulnerability ID: V-218046
Group Title: SRG-OS-000123
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001682 |
The information system automatically removes or disables emergency accounts after an organization-defined time period for each type of account. |
Controls
| Number | Title |
|---|---|
| AC-2 (2) |
Removal Of Temporary / Emergency Accounts |