From Oracle Linux 6 Security Technical Implementation Guide
Part of SRG-OS-000123
Associated with: CCI-001682
When emergency accounts are created, there is a risk they may remain in place and active after the need for them no longer exists. Account expiration greatly reduces the risk of accounts being misused or hijacked.
For every emergency account, run the following command to obtain its account aging and expiration information: # chage -l [USER] Verify each of these accounts has an expiration date set as documented. If any emergency accounts have no expiration date set or do not expire within a documented time frame, this is a finding.
In the event emergency accounts are required, configure the system to terminate them after a documented time period. For every emergency account, run the following command to set an expiration date on it, substituting "[USER]" and "[YYYY-MM-DD]" appropriately: # chage -E [YYYY-MM-DD] [USER] "[YYYY-MM-DD]" indicates the documented expiration date for the account.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer