Password expired (UNIX)

Module: Login Parameters

This check reports user accounts with expired passwords on systems that support password expiration. The check also reports expired user accounts and other conditions that could make your system vulnerable to potential intruders with unauthorized password knowledge. Use the Users/Groups name lists to exclude users that are not excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for Password expired

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_EXPIRED_AIX_ACC Category: Policy Compliance	UNIX (5237)	Title: Account expired Description:The listed accounts have expired. Inactive accounts can be easy targets for intruders trying to break into your system. You should review these accounts and remove or archive any accounts that are not actively being used on your system.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_EXPIRED Category: Policy Compliance	UNIX (5238)	Title: Password expired Description:The passwords for the listed accounts have expired. Account users will be required to supply new passwords when they next log in to the system. Accounts with expired passwords may no longer be active. You should review these accounts and remove or archive any accounts that are not actively being used on your system.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_PASS_LSTCHG Category: Policy Compliance	UNIX (5239)	Title: Password last change Description:The listed users are shown with the last time they changed their passwords. Users should be required to change passwords at regular intervals. The probability of an intruder guessing a user's password increases with the length of time the user is allowed to keep the same password. You should set a limit on the length of time a user is allowed to keep the same password.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_PASS_NOCHECK Category: Policy Compliance	UNIX (5240)	Title: Any password good Description:The listed accounts do not require users to enter passwords that meet minimum system requirements for password strength. The users can enter passwords that intruders find easy to guess. You should modify these accounts to require user passwords that meet minimum system requirements.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_PASS_WARN Category: Policy Compliance	UNIX (5241)	Title: Password warnings Description:This account has been warned that the password is about to expire. This message provides information but does not require any security action on your part.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_EXPIRED_AIX_ACC

Category: Policy Compliance

UNIX (5237)

Title: Account expired

Description:The listed accounts have expired. Inactive accounts can be easy targets for intruders trying to break into your system. You should review these accounts and remove or archive any accounts that are not actively being used on your system.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_EXPIRED

Category: Policy Compliance

UNIX (5238)

Title: Password expired

Description:The passwords for the listed accounts have expired. Account users will be required to supply new passwords when they next log in to the system. Accounts with expired passwords may no longer be active. You should review these accounts and remove or archive any accounts that are not actively being used on your system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_PASS_LSTCHG

Category: Policy Compliance

UNIX (5239)

Title: Password last change

Description:The listed users are shown with the last time they changed their passwords. Users should be required to change passwords at regular intervals. The probability of an intruder guessing a user's password increases with the length of time the user is allowed to keep the same password. You should set a limit on the length of time a user is allowed to keep the same password.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_PASS_NOCHECK

Category: Policy Compliance

UNIX (5240)

Title: Any password good

Description:The listed accounts do not require users to enter passwords that meet minimum system requirements for password strength. The users can enter passwords that intruders find easy to guess. You should modify these accounts to require user passwords that meet minimum system requirements.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_PASS_WARN

Category: Policy Compliance

UNIX (5241)

Title: Password warnings

Description:This account has been warned that the password is about to expire. This message provides information but does not require any security action on your part.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]