Secure by configuring an account password expiration
A common security practice is to set a user account password expiration after a specific period of time, such as every 90 days. does not provide the ability to configure an account password expiration. As a system administrator, you need to define, implement, and administer password expiration policies in accordance with your organization's requirements.
Take note of the following if you configure password expiration policies in your environment:
- Do not configure a password expiration for the root account. This can cause issues such as the
logrotatefailing to trim logs, data ingestion pausing, or services failing to restart.
- Do not configure a password expiration in AWS environments. By default, AWS instances use key pairs for authentication. If a user account expires, the account is blocked from accessing the AMI unless the user has configured an account password and can provide it when prompted. Key pair authentication doesn't work for expired accounts.
To reset a user's account expiration date, shut down the AWS instance and update user data through the AWS console. For example, to set an account expiration date of January 1, 2023:
# cloud-boothook # !/ bin / bash # chage -E "Jan 1, 2038" user
Specify a date in the future but before Jan 19, 2038. The latest time that can be represented in Unix's signed 32-bit integer time format is 03:14:07 UTC on Tuesday, 19 January 2038.
You can configure the user account to never expire:
# chage -m 0 user # chage -M 99999 user # chage -l user Last password change : Dec 10, 2016 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Configure role based access control inside Splunk apps
Enable or disable registered mobile devices
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2
Feedback submitted, thanks!