5.2 Use Unique Passwords
Access Control
Automated
Configure Shadow Password Suite Parameters
IG1
IG2
IG3
Level 1
Server
T1078
T1078.001
T1078.002
T1078.003
T1078.004
T1110
T1110.001
T1110.002
T1110.003
T1110.004
User Accounts and Environment
Workstation
5.4.1.6 Ensure all users last password change date is in the past
Audit
Run the following script and verify nothing is returned:
#!/usr/bin/env bash
{
while IFS = read -r l_user; do
l_change = $( date -d " $( chage --list $l_user | grep '^Last password change' | cut -d: -f2 | grep -v 'never$' ) " +%s)
if [[ " $l_change " -gt " $( date +%s) " ]] ; then
echo "User: \" $l_user \" last password change was \" $( chage --list $l_user | grep '^Last password change' | cut -d: -f2) \""
fi
done < <( awk -F: '$2~/^\$.+\$/{print $1}' /etc/shadow)
}
Investigate any users with a password change date in the future and correct them.
Locking the account, expiring the password, or resetting the password manually may be appropriate.