@@ -75,6 +75,12 @@ rhel9cis_max_log_file_size: 1024
7575# `rhel9cis_bootloader_password_hash`
7676rhel9cis_set_boot_pass: false
7777
78+ # Disable account locking after inactivity period
79+ rhel9cis_inactivelock:
80+ # This variable specifies the number of days of inactivity before an account will be locked.
81+ # CIS requires a value of 30 days or less.
82+ lock_days: 99999
83+
7884##############################################################################
7985# Ubuntu Jammy CIS Hardening Configuration
8086
@@ -159,4 +165,24 @@ ubtu22cis_max_log_file_size: 1024
159165# ubtu22cis_bootloader_password_hash
160166ubtu22cis_rule_1_4_1: false
161167ubtu22cis_rule_1_4_3: false
168+
169+ # Disable password expiry by setting large values
170+ ubtu22cis_pass:
171+ ## Control 5.5.1.2
172+ # This variable governs after how many days a password expires.
173+ # CIS requires a value of 365 or less.
174+ max_days: 99999
175+ ## Control 5.5.1.1
176+ # This variable specifies the minimum number of days allowed between changing passwords.
177+ # CIS requires a value of at least 1.
178+ min_days: 0
179+ ## Control 5.5.1.3
180+ # This variable governs, how many days before a password expires, the user will be warned.
181+ # CIS requires a value of at least 7.
182+ warn_age: 7
183+ ## Control 5.5.1.4
184+ # This variable specifies the number of days of inactivity before an account will be locked.
185+ # CIS requires a value of 30 days or less.
186+ inactive: 99999
187+
162188##############################################################################
0 commit comments