瀏覽代碼
Drop CIS 5.4.1.4
CIS 5.4.1.4 should be configured in /etc/default/useradd cis-5-4-1-4.yml attempts to configure this item in pillar that relates to /etc/login.defs and should be removed. Related-Prod: PROD-23600 Change-Id: Iea93a54a44df919c07001fc02e3551276ef9583cpull/170/head
Dmitry Teselkin
6 年之前
+ 0
- 51
metadata/service/system/cis/cis-5-4-1-4.yml
查看文件
| @@ -1,51 +0,0 @@ | |||
| # CIS 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored) | |||
| # | |||
| # Description | |||
| # =========== | |||
| # User accounts that have been inactive for over a given period of time can be | |||
| # automatically disabled. It is recommended that accounts that are inactive | |||
| # for 30 days after password expiration be disabled. | |||
| # | |||
| # Rationale | |||
| # ========= | |||
| # Inactive accounts pose a threat to system security since the users are not | |||
| # logging in to notice failed login attempts or other anomalies. | |||
| # | |||
| # Audit | |||
| # ===== | |||
| # Run the following command and verify INACTIVE is 30 or less: | |||
| # | |||
| # # useradd -D | grep INACTIVE | |||
| # INACTIVE=30 | |||
| # | |||
| # Verify all users with a password have Password inactive no more than 30 days | |||
| # after password expires: | |||
| # | |||
| # # egrep ^[^:]+:[^\!*] /etc/shadow | cut -d: -f1 | |||
| # <list of users> | |||
| # # chage --list <user> | |||
| # Password inactive: <date> | |||
| # | |||
| # Remediation | |||
| # =========== | |||
| # Run the following command to set the default password inactivity period to | |||
| # 30 days: | |||
| # | |||
| # # useradd -D -f 30 | |||
| # | |||
| # Modify user parameters for all users with a password set to match: | |||
| # | |||
| # # chage --inactive 30 <user> | |||
| # | |||
| # Notes | |||
| # ===== | |||
| # You can also check this setting in /etc/shadow directly. The 7th field | |||
| # should be 30 or less for all users with a password. | |||
| # | |||
| parameters: | |||
| linux: | |||
| system: | |||
| login_defs: | |||
| INACTIVE: | |||
| value: 30 | |||
+ 0
- 1
metadata/service/system/cis/init.yml
查看文件
| @@ -34,7 +34,6 @@ classes: | |||
| - service.linux.system.cis.cis-5-4-1-1 | |||
| - service.linux.system.cis.cis-5-4-1-2 | |||
| - service.linux.system.cis.cis-5-4-1-3 | |||
| - service.linux.system.cis.cis-5-4-1-4 | |||
| - service.linux.system.cis.cis-5-4-4 | |||
| - service.linux.system.cis.cis-6-1-2 | |||
| - service.linux.system.cis.cis-6-1-3 | |||
Loading…