From Solaris 11 X86 Security Technical Implementation Guide
Part of SRG-OS-000003
Associated with: CCI-000017
Inactive accounts pose a threat to system security since the users are not logging in to notice failed login attempts or other anomalies.
Determine whether the 35-day inactivity lock is configured properly. # useradd -D | xargs -n 1 | grep inactive |\ awk -F= '{ print $2 }' If the command returns a result other than 35, this is a finding. The root role is required for the "logins" command. For each configured user name and role name on the system, determine whether a 35-day inactivity period is configured. Replace [username] with an actual user name or role name. # logins -axo -l [username] | awk -F: '{ print $13 }' If these commands provide output other than 35, this is a finding.
The root role is required. Perform the following to implement the recommended state: # useradd -D -f 35 To set this policy on a user account, use the command(s): # usermod -f 35 [username] To set this policy on a role account, use the command(s): # rolemod -f 35 [name]
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer