An XCCDF Group - A logical subset of the XCCDF Benchmark
/etc/passwd
/etc/shadow
^(bin|oracle|sapadm)$
root
var_accounts_authorized_local_users_regex
$ sudo userdel unauthorized_user
NUM_DAYS
USER
$ sudo chage -I NUM_DAYS USER
-E
/etc/default/useradd
INACTIVE=
useradd
# sudo chage -l [Emergency_Administrator] Password expires:never
Password expires
Account expires
never
YYYY-MM-DD
$ sudo chage -E YYYY-MM-DD USER
$ sudo getent passwd | awk -F: '{ print $1}' | uniq -d
/etc/login.defs
passwd
su
login
login.defs(5)
PASS_MAX_DAYS
-M
PASS_MIN_DAYS
-m
PASS_WARN_AGE
-W
$ sudo chage -M 180 -m 7 -W 7 USER
PASS_MIN_LEN
15
12
pam_pwquality
$ sudo chage -M USER
$ sudo chage -m 1 USER
$ sudo chage --warndays USER
$ sudo chage --inactive 30USER
/etc/pam.d/system-auth
/etc/pam.d/password-auth
x
*
$ sudo cut -d: -f2 /etc/shadow $6$kcOnRq/5$NUEYPuyL.wghQwWssXRcLRFiiru7f5JPV6GaJhNC2aK5F3PZpE/BCCtwrxRc/AInKMNX3CdMw11m9STiql12f/
!
$6
rounds
pam_unix
/etc/pam.d/common-password
rounds=
pam_unix.so
password sufficient pam_unix.so ...existing_options... rounds=
nullok
/etc/pam.d/
$ sudo awk -F: '!$2 {print $1}' /etc/shadow
$ sudo passwd [username]
$ sudo passwd -l [username]
.forward
+
.netrc
sudo
/etc/securetty
/dev/console
/dev/tty*
/dev/vc/*
var_pam_wheel_group_for_su
pam_wheel.so
group
/etc/pam.d/su
$ sudo echo > /etc/securetty
1000
$ sudo usermod -s /sbin/nologin account
ttyS0 ttyS1
vc/1 vc/2 vc/3 vc/4
wheel
auth required pam_wheel.so use_uid
auth required pam_wheel.so use_uid group=