{"description": "Configure non-compliant accounts to enforce a 24 hours/1 day minimum password\nlifetime by running the following command:\n<pre>$ sudo chage -m 1 <i>USER</i></pre>", "rationale": "Enforcing a minimum password lifetime helps to prevent repeated password\nchanges to defeat the password reuse or history enforcement requirement. If\nusers are allowed to immediately and continually change their password, the\npassword could be repeatedly changed in a short period of time to defeat the\norganization's policy regarding password reuse.", "severity": "medium", "references": {"nist": ["IA-5(f)", "IA-5(1)(d)", "CM-6(a)"], "srg": ["SRG-OS-000075-GPOS-00043"], "cis": ["5.4.1.2"]}, "control_references": {"cis": ["5.4.1.2"]}, "components": [], "identifiers": {}, "ocil_clause": "any results are returned that are not associated with a system account", "ocil": "Verify that Ubuntu 22.04 has configured the minimum time period between password changes for each user account is one day or greater with the following command:\n\n$ sudo awk -F: '$4 &lt; 1 {print $1 \" \" $4}' /etc/shadow", "oval_external_content": null, "fixtext": "Configure non-compliant accounts to enforce a 24 hours/1 day minimum password lifetime:\n\n$ sudo chage -m <sub idref=\"var_accounts_minimum_age_login_defs\" /> [user]", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.", "vuldiscussion": "Enforcing a minimum password lifetime helps to prevent repeated password\nchanges to defeat the password reuse or history enforcement requirement. If\nusers are allowed to immediately and continually change their password, the\npassword could be repeatedly changed in a short period of time to defeat the\norganization's policy regarding password reuse.", "checktext": "\nVerify that Ubuntu 22.04 has configured the minimum time period between password changes for each user account is one day or greater with the following command:\n\n$ sudo awk -F: '$4 &lt 1 {print $1 \" \" $4}' /etc/shadow\n\nIf any results are returned that are not associated with a system account, this is a finding.", "fixtext": "Configure non-compliant accounts to enforce a 24 hours/1 day minimum password lifetime:\n\n$ sudo passwd -n 1 [user]"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Set Existing Passwords Minimum Age", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml", "template": null}