.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
NetWitness LogCollector sftp account password expiring for every 60 days
Issue
The user account password expires after 60 days and that can be verified using below command.#chage -l sftp
Last password change : Apr 29, 2021
Password expires : Jun 28, 2021
Password inactive : Jun 28, 2021
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
Password expires : Jun 28, 2021
Password inactive : Jun 28, 2021
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
Cause
This issue is due to "Maximum number of days between password change" value set to 60.
Resolution
Please follow the below instructions to adjust user account settings.- Please login to NetWitness Log Collector putty.
- Please run the below command to set Inactive, Maximum number of days between password change, Minimum number of days between password change and Expire settings. This would help the account password never expires.
#
chage -I -1 -m 0 -M -1 -E -1 sftp
More details on command options are as below.
#chage --help
Usage: chage [options] LOGIN
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximum number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximum number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
Please verify the account settings using below command.
#chage -l sftp
Last password change : Apr 29, 2021
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : -1
Number of days of warning before password expires : 7
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : -1
Number of days of warning before password expires : 7
Product Details
RSA Product Set: RSA NetWitness PlatformRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.1.0
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to set non-expiry user account password.
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue