6969881a60
In order to comply with CIS Benchmark, the password minimum age should
be 1 day, maximum age should be no more than 365 days, inactive password
lock should be less than or equal to 45 days, and password encryption
should be set to SHA512.
This commit adds those requirements to the default user settings.
Test Plan:
PASS: Run build-pkgs -c -p shadow-utils-config.
PASS: Run build-image.
PASS: Run fresh install of AIO-SX with complete bootstrap and unlock of
the controller-0.
PASS: Run fresh install of AIO-DX with complete bootstrap and unlock of
controller-0 and controller-1.
PASS: Perform backup and restore and verify that the rules apply.
PASS: Run `chage -l sysadmin` after bootstrap and check if the password
expires 90 days in the future.
Story: 2011283
Task: 51443
Change-Id: Ic6e2d88d4317a565ea043caaac14e73b723171f3
Signed-off-by: Rodrigo Tavares <Rodrigo.DosSantosTavares@windriver.com>
37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
# Default values for useradd(8)
|
|
#
|
|
# The SHELL variable specifies the default login shell on your
|
|
# system.
|
|
# Similar to DSHELL in adduser. However, we use "sh" here because
|
|
# useradd is a low level utility and should be as general
|
|
# as possible
|
|
SHELL=/bin/sh
|
|
#
|
|
# The default group for users
|
|
# 100=users on Debian systems
|
|
# Same as USERS_GID in adduser
|
|
# This argument is used when the -n flag is specified.
|
|
# The default behavior (when -n and -g are not specified) is to create a
|
|
# primary user group with the same name as the user being added to the
|
|
# system.
|
|
# GROUP=100
|
|
#
|
|
# The default home directory. Same as DHOME for adduser
|
|
# HOME=/home
|
|
#
|
|
# The number of days after a password expires until the account
|
|
# is permanently disabled
|
|
INACTIVE=45
|
|
#
|
|
# The default expire date
|
|
# EXPIRE=
|
|
#
|
|
# The SKEL variable specifies the directory containing "skeletal" user
|
|
# files; in other words, files such as a sample .profile that will be
|
|
# copied to the new user's home directory when it is created.
|
|
# SKEL=/etc/skel
|
|
#
|
|
# Defines whether the mail spool should be created while
|
|
# creating the account
|
|
# CREATE_MAIL_SPOOL=yes
|