5.5.1.1 Ensure minimum days between password changes is configured
Audit#
Run the following command and verify PASS_MIN_DAYS conforms to site policy (no less than 1 day):
Run the following command and Review list of users and PAS_MIN_DAYS to Verify that all users' PAS_MIN_DAYS conforms to site policy (no less than 1 day):
# awk -F : '(/^[^:]+:[^!*]/ && $4 < 1){print $1 " " $4}' /etc/shadow
No <user>:<PASS_MIN_DAYS> should be returned
Remediation#
Set the PASS_MIN_DAYS parameter to 1 in /etc/login.defs :
Modify user parameters for all users with a password set to match:
Default Value:
PASS_MIN_DAYS 0