Ensure inactive password lock is 30 days or less

Details

User accounts that have been inactive for over a given period of time can be automatically disabled. It is recommended that accounts that are inactive for 30 days after password expiration be disabled.

Solution

Run the following command to set the default password inactivity period to 30 days: # useradd -D -f 30

Modify user parameters for all users with a password set to match: # chage --inactive 30 <user>

Note: You can also check this setting in /etc/shadow directly. The 7th field should be 30 or less for all users with a password.
Note: A value of -1 would disable this setting.
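
The /etc/shadow check described in the notes can be scripted. The following is an added example, not part of the original benchmark text: audit_inactive and sample_shadow are hypothetical names, the sample entries are constructed, and it assumes that a password field that is empty or starts with "!" or "*" means the account has no usable password.

```shell
#!/bin/sh
# Added example: report accounts whose inactivity period (7th field of a
# shadow-format file) is unset, negative (disabled), or above the limit.

# Constructed sample data in /etc/shadow format (not real accounts or hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$hash:19000:0:90:7:30::
alice:$6$CONSTRUCTED$hash:19000:0:90:7:14::
bob:$6$CONSTRUCTED$hash:19000:0:90:7:::
carol:$6$CONSTRUCTED$hash:19000:0:90:7:-1::
dave:$6$CONSTRUCTED$hash:19000:0:90:7:90::
daemon:*:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
EOF
}

# Usage: audit_inactive [shadow_file|-] [max_days]
# Prints "user:value" per non-compliant account; returns 1 if any were found.
audit_inactive() {
    shadow_file="${1:-/etc/shadow}"
    max_days="${2:-30}"
    awk -F: -v max="$max_days" '
        # Skip comments and malformed lines.
        /^#/ || NF < 7 { next }
        # Assumption: empty, "!" or "*" in field 2 means no usable password.
        $2 == "" || $2 ~ /^[!*]/ { next }
        {
            v = $7
            if (v == "")                  { print $1 ":unset";   bad = 1 }
            else if (v !~ /^-?[0-9]+$/)   { print $1 ":invalid"; bad = 1 }
            else if (v + 0 < 0)           { print $1 ":" v;      bad = 1 }
            else if (v + 0 > max + 0)     { print $1 ":" v;      bad = 1 }
        }
        END { exit bad + 0 }
    ' "$shadow_file"
}

# Demo on the constructed sample; on a real host run as root:
#   audit_inactive /etc/shadow 30
sample_shadow | audit_inactive - 30 || true
```

Each account it reports can then be corrected with the chage command above.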

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.

Updated on July 16, 2022