{"description": "Configure the root account to enforce a <sub idref=\"var_accounts_maximum_age_root\" />-day maximum password lifetime restriction by running the following command:\n<pre>$ sudo chage -M <sub idref=\"var_accounts_maximum_age_root\" /> root</pre>", "rationale": "Any password, no matter how complex, can eventually be cracked. Therefore,\npasswords need to be changed periodically. If the operating system does\nnot limit the lifetime of passwords and force users to change their\npasswords, there is the risk that the operating system passwords could be\ncompromised.", "severity": "medium", "references": {"anssi": ["R31"]}, "control_references": {"anssi": ["R31"]}, "components": [], "identifiers": {}, "ocil_clause": "any results are returned that are not associated with a system account", "ocil": "Check whether the maximum time period for root account password is restricted to <sub idref=\"var_accounts_maximum_age_root\" /> days with the following commands:\n\n$ sudo awk -F: '$1 == \"root\" {print $1 \" \" $5}' /etc/shadow", "oval_external_content": null, "fixtext": "Configure non-compliant accounts to enforce a <sub idref=\"var_accounts_maximum_age_root\" />-day maximum password lifetime restriction.\n$ sudo chage -M <sub idref=\"var_accounts_maximum_age_root\" /> root", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Set Root Account Password Maximum Age", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/rule.yml", "template": null}