← Rules Catalog
mediumaccess-controlverified rollback-safe

Ensure minimum password days is configured

password-min-age · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl

Description

The PASS_MIN_DAYS setting in /etc/login.defs must be properly configured.

Rationale

Improper PASS_MIN_DAYS configuration could weaken system security controls.

Check → Remediate

Checkconfig_value
delimiter:
path:
/etc/login.defs
key:
PASS_MIN_DAYS
expected:
{{ login_defs_pass_min_days }}
comparator:
>=
Remediateconfig_set
path:
/etc/login.defs
key:
PASS_MIN_DAYS
value:
{{ login_defs_pass_min_days }}
separator:

Framework references

CIS

rhel9 5.4.1.2rhel8 5.4.1.2rhel10 5.4.1.2ubuntu24 5.4.1.2ubuntu22 5.4.1.2

STIG

V-258104 / RHEL-09-611075V-230364V-230365 / RHEL-08-020190V-270730 / UBTU-24-400300V-260545 / UBTU-22-411025V-281180 / RHEL-10-600210

NIST 800-53

IA-5IA-5(1)(d)

Live verification

rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#password#login-defs#aging