mediumaccess-controlverified ✓rollback-safe
Ensure minimum password days is configured
password-min-age · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl
Description
The PASS_MIN_DAYS setting in /etc/login.defs must be properly configured.
Rationale
Improper PASS_MIN_DAYS configuration could weaken system security controls.
Check → Remediate
Checkconfig_value
- delimiter:
- path:
- /etc/login.defs
- key:
- PASS_MIN_DAYS
- expected:
- {{ login_defs_pass_min_days }}
- comparator:
- >=
Remediateconfig_set
- path:
- /etc/login.defs
- key:
- PASS_MIN_DAYS
- value:
- {{ login_defs_pass_min_days }}
- separator:
Framework references
CIS
rhel9 5.4.1.2rhel8 5.4.1.2rhel10 5.4.1.2ubuntu24 5.4.1.2ubuntu22 5.4.1.2
STIG
V-258104 / RHEL-09-611075V-230364V-230365 / RHEL-08-020190V-270730 / UBTU-24-400300V-260545 / UBTU-22-411025V-281180 / RHEL-10-600210
NIST 800-53
IA-5IA-5(1)(d)
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#password#login-defs#aging