{"description": "Accounts can be configured to be automatically disabled\nafter a certain time period,\nmeaning that they will require administrator interaction to become usable again.\nExpiration of accounts after inactivity can be set for all accounts by default\nand also on a per-account basis, such as for accounts that are known to be temporary.\nTo configure automatic expiration of an account following\nthe expiration of its password (that is, after the password has expired and not been changed),\nrun the following command, substituting <tt><i>NUM_DAYS</i></tt> and <tt><i>USER</i></tt> appropriately:\n<pre>$ sudo chage -I <i>NUM_DAYS USER</i></pre>\nAccounts, such as temporary accounts, can also be configured to expire on an explicitly-set date with the\n<tt>-E</tt> option.\nThe file <tt>/etc/default/useradd</tt> controls\ndefault settings for all newly-created accounts created with the system's\nnormal command line utilities.", "warnings": [{"general": "This will only apply to newly created accounts"}], "requires": [], "conflicts": [], "values": ["var_account_disable_inactivity", "var_account_disable_post_pw_expiration"], "groups": {}, "rules": ["account_disable_inactivity_password_auth", "account_disable_inactivity_system_auth", "account_disable_post_pw_expiration", "account_emergency_admin", "account_emergency_expire_date", "account_temp_expire_date", "account_unique_name", "account_use_centralized_automated_auth", "ensure_shadow_group_empty", "policy_temp_passwords_immediate_change"], "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "title": "Set Account Expiration Parameters", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/group.yml"}