From SLES 12 Security Technical Implementation Guide
Part of SRG-OS-000002-GPOS-00002
Associated with: CCI-000016
If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.
Verify that the SUSE operating system provisions temporary accounts with an expiration date for "72" hours. Ask the System Administrator if any temporary accounts have been added to the system. For every existing temporary account, run the following command to obtain its account expiration information: # sudo chage -l system_account_name Verify each of these accounts has an expiration date that is within "72" hours of its creation. If any temporary accounts have no expiration date set or do not expire within "72" hours of their creation, this is a finding.
In the event temporary accounts are required, configure the SUSE operating system to terminate them after "72" hours. For every temporary account, run the following command to set an expiration date on it, substituting "system_account_name" with the appropriate value: # sudo chage -E `date -d "+3 days" +%Y-%m-%d` system_account_name `date -d "+3 days" +%Y-%m-%d` sets the 72-hour expiration date for the account at the time the command is run.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer