As per U_Red_Hat_Enterprise_Linux_7_V1R4_Manual_STIG/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml
Operating systems need to track periods of inactivity and disable application identifiers after zero days of inactivity.
While /usr/share/xml/scap/ssg/content/.ssg-rhel7-ds.xml
xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration states:
If a password is currently on the
verge of expiration, then 35 days remain until the account is automatically
disabled. However, if the password will not expire for another 60 days, then 95
days could elapse until the account would be automatically disabled.
dahaic
commented
6 years ago
Description of problem:
As per: http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx
As per U_Red_Hat_Enterprise_Linux_7_V1R4_Manual_STIG/U_Red_Hat_Enterprise_Linux_7_STIG_V1R4_Manual-xccdf.xml Operating systems need to track periods of inactivity and disable application identifiers after zero days of inactivity.
While /usr/share/xml/scap/ssg/content/.ssg-rhel7-ds.xml xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration states: If a password is currently on the verge of expiration, then 35 days remain until the account is automatically disabled. However, if the password will not expire for another 60 days, then 95 days could elapse until the account would be automatically disabled.
This is inconsistency in description.
SCAP Security Guide Version:
scap-security-guide-0.1.36-7.el7.noarch
Operating System Version:
rhel-7
Steps to Reproduce:
Actual Results:
Expected Results:
Addition Information/Debugging Steps: