d0f4a70d9c
Implements: blueprint security-hardening Change-Id: I96ff7de8398c1fb60c73e169e597dd354121c05e
11 lines
462 B
ReStructuredText
11 lines
462 B
ReStructuredText
**Opt-in required**
|
|
|
|
By default, Ubuntu doesn't require that inactive accounts are locked after a
|
|
period of time. The STIG requires that accounts with 35 days of activity are
|
|
locked.
|
|
|
|
Deployers must opt-in for this change by setting the
|
|
``inactive_account_lock_days`` Ansible variable. The STIG requires this to be
|
|
set to 35 days at a maximum. The Ansible tasks will not make any changes to
|
|
``/etc/default/useradd`` unless ``inactive_account_lock_days`` is set.
|