- Bug
- Resolution: Done-Errata
- rhel-9.1.0
- sst_security_compliance
- ssg_security
- Release Note Not Required
Description of problem:
After remediating a RHEL 9.1 system (CIS Level 2 - Server) we see in /etc/login.defs these changes (among others):
- Password aging controls:
#- PASS_MAX_DAYS Maximum number of days a password may be used.
- PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MAX_DAYS 365
+# PASS_MIN_DAYS 1
- PASS_MIN_LEN Minimum acceptable password length.
- PASS_WARN_AGE Number of days warning given before a password expires.
#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
+PASS_MAX_DAYS 365
+PASS_MIN_DAYS 1
PASS_WARN_AGE 7
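Review bot: The match on `PASS_MAX_DAYS` and `PASS_MIN_DAYS` is not limited to active settings, as the `+# PASS_MAX_DAYS 365` and `+# PASS_MIN_DAYS 1` lines show: the two comment lines that documented these parameters were overwritten along with the real `PASS_MAX_DAYS 99999` and `PASS_MIN_DAYS 0` entries. The remediation should only rewrite lines where the key is the first token on the line (not preceded by `#`), and append the setting if no such line exists, so the file's inline documentation stays intact and a later audit does not have to tell a commented value from the effective one.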
It looks unnecessary to update commented-out lines, as now the description of the configuration parameters has been removed.
This is a general suggestion; there might be more cases like this. Thanks.
- links to RHBA-2024:128049 scap-security-guide bug fix and enhancement update