DISA STIGS Viewer

Finding ID	Version	Rule ID	IA Controls	Severity
V-261355	SLEM-05-411045	SV-261355r996516_rule		Medium

Description

Temporary accounts are privileged or nonprivileged accounts established during pressing circumstances, such as new software or hardware configuration or an incident response, where the need for prompt account activation requires bypassing normal account authorization procedures. If any inactive temporary accounts are left enabled on the system and are not either manually removed or automatically expired within 72 hours, the security posture of the system will be degraded and exposed to exploitation by unauthorized users or insider threat actors. Temporary accounts are different from emergency accounts. Emergency accounts, also known as "last resort" or "break glass" accounts, are local logon accounts enabled on the system for emergency use by authorized system administrators to manage a system when standard logon methods are failing or not available. Emergency accounts are not subject to manual removal or scheduled expiration requirements. The automatic expiration of temporary accounts may be extended as needed by the circumstances, but it must not be extended indefinitely. A documented permanent account should be established for privileged users who need long-term maintenance accounts.

STIG	Date
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide	2025-05-08

Check Text (C-65084r996515_chk)

Verify temporary accounts have been provisioned with an expiration date of 72 hours with the following command: > sudo chage -l <temporary_account_name> | grep -E '(Password|Account) expires' If any temporary accounts have no expiration date set or do not expire within 72 hours, this is a finding.

Fix Text (F-64992r995931_fix)

Configure SLEM 5 to expire temporary accounts after 72 hours with the following command: >sudo chage -E $(date -d +3days +%Y-%m-%d) <temporary_account_name>