Linux expired password script
Posted on 2012-12-26
I have a script that runs in bash and am just trying to put in a simple if statement.
I am trying to put in an if statement that will check the UID range from 1000 and up in /etc/shadow
and ignore the UID range of 0 - 999, and if the 5th field in /etc/shadow is 0 or not 60, change it to 60.
Passwords must expire after 60 days. The DISA STIG is below.
My challenge below is:
Limiting the lifespan of authenticators limits the period of time an unauthorized user has access to the system while using compromised credentials and reduces the period of time available for password-guessing attacks to run against a single password.
Check the max days field (the 5th field) of /etc/shadow.
# more /etc/shadow
If the max days field is equal to 0 or greater than 60 for any user, this is a finding.
Set the max days field to 60 for all user accounts.
# passwd -x 60 <user>
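One way to script the check and fix quoted above, as an added example that is not part of the original post. It assumes UIDs are taken from /etc/passwd (field 3), because /etc/shadow has no UID column, and it also treats an empty max days field as a finding, since an empty field means the password never expires. The function names are hypothetical and the sample accounts are constructed.

```bash
#!/usr/bin/env bash
# Added example. UIDs come from /etc/passwd (field 3); the max-days value is
# field 5 of /etc/shadow. Function names are illustrative.
MAX_DAYS=60   # required maximum from the STIG text
MIN_UID=1000  # UIDs 0-999 are ignored, as in the question

# find_expiry_findings PASSWD_FILE SHADOW_FILE -> prints "user:maxdays" per finding
find_expiry_findings() {
    awk -F: -v min_uid="$MIN_UID" -v max_days="$MAX_DAYS" '
        NR == FNR { uid[$1] = $3; next }   # first file (passwd): user -> UID
        !($1 in uid) || uid[$1] + 0 < min_uid + 0 { next }
        # Finding: 0 or greater than 60 (STIG); empty means no maximum age
        $5 == "" || $5 + 0 == 0 || $5 + 0 > max_days + 0 {
            print $1 ":" ($5 == "" ? "none" : $5)
        }
    ' "$1" "$2"
}

# apply_max_days PASSWD_FILE SHADOW_FILE
# Dry run by default (prints the commands); APPLY=1 runs them and needs root.
apply_max_days() {
    find_expiry_findings "$1" "$2" | while IFS=: read -r user rest; do
        if [ "${APPLY:-0}" = "1" ]; then
            passwd -x "$MAX_DAYS" "$user"
        else
            echo "passwd -x $MAX_DAYS $user"
        fi
    done
}

# Constructed sample accounts (not real data) for an offline dry run.
demo() (
    APPLY=0   # force dry run so passwd is never called on sample names
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'daemon:x:2:2::/sbin:/sbin/nologin' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'carol:x:1002:1002::/home/carol:/bin/bash' \
        'dave:x:1003:1003::/home/dave:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root:!:15700:0:99999:7:::' 'daemon:*:15700:0:99999:7:::' \
        'alice:$6$constructed:15700:0:99999:7:::' 'bob:$6$constructed:15700:0:60:7:::' \
        'carol:$6$constructed:15700:0:0:7:::' 'dave:$6$constructed:15700:0::7:::' > "$dir/shadow"
    apply_max_days "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
)
demo
```

Called as `apply_max_days /etc/passwd /etc/shadow`, it lists the commands it would run; with `APPLY=1` and root privileges it runs them.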