Ensure password expiration warning days is 5 or more

Usage and Config Security
1

I want to configure Password Expiration Waring to 5 days for linux server 6, below is the default check for 7 days warning where do i have to change the value for 5 days warning.

(concatenation " : " of (“file content test”; pathname of item 0 of it; item 2 of it; item 1 of it; "instance " & (it as string) of item 3 of it)) of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex “^\sPASS_WARN_AGE\s+([789]|[1-9][0-9]+)\s(\s+#.)?$") of it) of it, "^\sPASS_WARN_AGE\s+([789]|[1-9][0-9]+)\s*(\s+#.*)?$”, 1) of it) of files “/etc/login.defs”

2

Hi all
Can anyone help on this

3

Hopefully, you’re using the wizard to create your custom checklist and then modifying from there. Some content is parameterized, so it is very easy to change the values in the fixlet description once you’ve created your custom copy. https://www.ibm.com/support/knowledgecenter/SS6MCG_9.5.0/com.ibm.bigfix.compliance.doc/Compliance/SCM_Users_Guide/t_creating_custom_checklists.html

The RHEL 6 ones don’t seem to be, so you would need to modify the relevance check directly. I’m assuming the relevance got cut off in your post, since it doesn’t include the days part of the check, as mine does. You would look for the following section and change the 7 to a 5:

...item 5 of it) of it < 7)) of (parenthesized part 1 of it,...