{"description": "Emergency accounts are privileged accounts established in response to\ncrisis situations where rapid account activation is required.\nIn the event emergency accounts are required, configure the system to\nterminate them after a documented time period. For every emergency account,\nrun the following command to set an expiration date on it, substituting\n<tt><i>ACCOUNT_NAME</i></tt> and <tt><i>YYYY-MM-DD</i></tt>\nappropriately:\n<pre>$ sudo chage -E <i>YYYY-MM-DD ACCOUNT_NAME</i></pre>\n<tt><i>YYYY-MM-DD</i></tt> indicates the documented expiration date for the\naccount. For U.S. Government systems, the operating system must be\nconfigured to automatically terminate these types of accounts after a\nperiod of 72 hours.", "rationale": "If emergency user accounts remain active when no longer needed or for\nan excessive period, these accounts may be used to gain unauthorized access.\nTo mitigate this risk, automated termination of all emergency accounts\nmust be set upon account creation.\n<br />", "severity": "medium", "references": {"cis-csc": ["1", "12", "13", "14", "15", "16", "18", "3", "5", "7", "8"], "cobit5": ["DSS01.03", "DSS03.05", "DSS05.04", "DSS05.05", "DSS05.07", "DSS06.03"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4"], "isa-62443-2013": ["SR 1.1", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 6.2"], "iso27001-2013": ["A.12.4.1", "A.12.4.3", "A.6.1.2", "A.7.1.1", "A.9.1.2", "A.9.2.1", "A.9.2.2", "A.9.2.3", "A.9.2.4", "A.9.2.6", "A.9.3.1", "A.9.4.1", "A.9.4.2", "A.9.4.3", "A.9.4.4", "A.9.4.5"], "nist": ["AC-2(2)", "AC-2(3)", "CM-6(a)"], "nist-csf": ["DE.CM-1", "DE.CM-3", "PR.AC-1", "PR.AC-4", "PR.AC-6"], "srg": ["SRG-OS-000123-GPOS-00064", "SRG-OS-000002-GPOS-00002"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "any emergency accounts have no expiration date set or do not expire within 72 hours", "ocil": 
"Verify emergency accounts have been provisioned with an expiration date of 72 hours.\n\nFor every emergency account, run the following command to obtain its account aging and expiration information:\n\n$ sudo chage -l emergency_account_name\n\nVerify each of these accounts has an expiration date set within 72 hours or as documented.", "oval_external_content": null, "fixtext": "If an emergency account must be created, configure the system to terminate the account after a 72 hour time period with the following command to set an expiration date on it.\nSubstitute \"emergency_account_name\" with the account to be created.\n\n$ sudo chage -E `date -d \"+3 days\" +%Y-%m-%d` emergency_account_name\n\nThe automatic expiration or disabling time period may be extended as needed until the crisis\nis resolved.", "checktext": "Verify emergency accounts have been provisioned with an expiration date of 72 hours.\n\nFor every emergency account, run the following command to obtain its account aging and expiration information:\n\n$ sudo chage -l emergency_account_name\n\nVerify each of these accounts has an expiration date set within 72 hours or as documented.\n\nIf any emergency accounts have no expiration date set or do not expire within 72 hours, this is a finding.", "vuldiscussion": "If emergency user accounts remain active when no longer needed or for\nan excessive period, these accounts may be used to gain unauthorized access.\nTo mitigate this risk, automated termination of all emergency accounts\nmust be set upon account creation.", "srg_requirement": "Ubuntu 22.04 must automatically remove or disable emergency user accounts after 72 hours.", "warnings": [{"general": "Due to the unique requirements of each system, automated\nremediation is not available for this configuration check."}, {"general": "This rule is deprecated in favor of the <code>account_temp_expire_date</code> rule. Please consider replacing this rule in your files as it is not expected to receive\nupdates as 
of version <code>0.1.69</code>."}], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours.", "vuldiscussion": "If emergency user accounts remain active when no longer needed or for\nan excessive period, these accounts may be used to gain unauthorized access.\nTo mitigate this risk, automated termination of all emergency accounts\nmust be set upon account creation.", "checktext": "Verify emergency accounts have been provisioned with an expiration date of 72 hours.\n\nFor every emergency account, run the following command to obtain its account aging and expiration information:\n\n$ sudo chage -l emergency_account_name\n\nVerify each of these accounts has an expiration date set within 72 hours or as documented.\n\nIf any emergency accounts have no expiration date set or do not expire within 72 hours, this is a finding.", "fixtext": "If an emergency account must be created, configure the system to terminate the account after a 72\nhour time period with the following command to set an expiration date on it. Substitute\n\"emergency_account_name\" with the account to be created.\n\n$ sudo chage -E `date -d \"+3 days\" +%Y-%m-%d` emergency_account_name"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Assign Expiration Date to Emergency Accounts", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml", "template": null}