{"description": "Emergency accounts are privileged accounts that are established in response\nto crisis situations where the need for rapid account activation is\nrequired. Therefore, emergency account activation may bypass normal account\nauthorization processes. If these accounts are automatically disabled,\nsystem maintenance during emergencies may not be possible, thus adversely\naffecting system availability.\n\nCheck to see if an emergency administrator account password or account expires with the following command:\n\n<pre># sudo chage -l [Emergency_Administrator]\n\nPassword expires:never</pre>\n\nIf <tt>Password expires</tt> or <tt>Account expires</tt> is set to anything other than <tt>never</tt>, this is a finding.", "rationale": "Emergency accounts are different from infrequently used accounts (i.e.,\nlocal logon accounts used by the organization's system administrators when\nnetwork or normal logon/access is not available). Infrequently used\naccounts are not subject to automatic termination dates. Emergency accounts\nare accounts created in response to crisis situations, usually for use by\nmaintenance personnel. The automatic expiration or disabling time period\nmay be extended as needed until the crisis is resolved; however, it must\nnot be extended indefinitely. A permanent account should be established for\nprivileged users who need long-term maintenance accounts.\n\nTo address access requirements the SUSE operating system can be integrated\nwith enterprise-level authentication/access mechanisms that meet or exceed\naccess control policy requirements.", "severity": "medium", "references": {"srg": ["SRG-OS-000123-GPOS-00064"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "any emergency administrator account or account password has an expiration date set", "ocil": "Check to see if an emergency administrator account password or account expires with the following command:\n\n<pre># sudo chage -l [Emergency_Administrator]\n\nPassword expires:never</pre>\n\nIf <tt>Password expires</tt> or <tt>Account expires</tt> is set to anything other than <tt>never</tt>, this is a finding.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Never Automatically Remove or Disable Emergency Administrator Accounts", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_admin/rule.yml", "template": null}