Secure Server Build
User Accounts and Environments
Disable system accounts
RHEL has a number of system accounts that are used to manage applications. These accounts are not intended to provide interactive access to users. All non-system application accounts should have their shell field in the passwd file set to /sbin/nologin.
Identify the system accounts from this listing. These will primarily be the accounts with UID numbers less than 500, other than root.
Only user identified was news.
Implement password aging
Edit the file /etc/login.defs to specify password expiration settings for new accounts. Add or correct the following lines:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 10
PASS_WARN_AGE 7
For each existing human user USER, modify the current expiration settings to match these:
# chage -M 60 -m 7 -W 7 USER
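The two checks above (system accounts without /sbin/nologin, and human accounts whose aging differs from /etc/login.defs) can be audited with a short script. This is an added example, not part of the original build notes: the function names are hypothetical, the UID 500 boundary is the one used on this page, and the passwd, shadow and login.defs contents are constructed samples written to a temporary directory.

```shell
# System accounts (UID < 500, not root) whose shell is not /sbin/nologin.
system_accounts_with_shell() {
    awk -F: '$3 < 500 && $1 != "root" && $7 != "/sbin/nologin" {print $1}' "$1"
}

# Read one setting (e.g. PASS_MAX_DAYS) from a login.defs-format file.
login_defs_value() {
    awk -v key="$2" '$1 == key {val = $2} END {print val}' "$1"
}

# Human accounts (UID >= 500) whose shadow min/max/warn fields differ from login.defs.
# Args: passwd-file shadow-file login.defs-file
aging_mismatches() {
    max=$(login_defs_value "$3" PASS_MAX_DAYS)
    min=$(login_defs_value "$3" PASS_MIN_DAYS)
    warn=$(login_defs_value "$3" PASS_WARN_AGE)
    awk -F: -v max="$max" -v min="$min" -v warn="$warn" '
        NR == FNR { if ($3 >= 500) human[$1] = 1; next }   # first file is passwd
        ($1 in human) && ($4 != min || $5 != max || $6 != warn) {
            printf "%s min=%s max=%s warn=%s\n", $1, $4, $5, $6
        }' "$1" "$2"
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
news:x:9:13:news:/etc/news:/bin/sh
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:CONSTRUCTED_HASH:15000:0:99999:7:::
news:*:15000:0:99999:7:::
alice:CONSTRUCTED_HASH:15000:7:90:7:::
bob:CONSTRUCTED_HASH:15000:0:99999:7:::
EOF
cat > "$demo_dir/login.defs" <<'EOF'
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_MIN_LEN 10
PASS_WARN_AGE 7
EOF
echo "system accounts with a login shell: $(system_accounts_with_shell "$demo_dir/passwd")"
echo "aging mismatches: $(aging_mismatches "$demo_dir/passwd" "$demo_dir/shadow" "$demo_dir/login.defs")"
```

On a live host the same functions take /etc/passwd, /etc/shadow and /etc/login.defs as arguments; reading /etc/shadow requires root.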