Security Configurations Require Credential Rotation after 90 days
The default security configuration for the Oracle Linux 6.9 and 7.4 images released between December 18, 2017 and April 5, 2018 requires that credential rotation occur within 90 days. If you do not rotate credentials in the 90 day time frame, access to the instance will be denied.
Oracle Linux images launched April 6, 2018 and later do not have this default security configuration.
Perform the steps below to modify the default security configuration for instances based on Oracle Linux 6.9 and 7.4 images released between December 18, 2017 and April 5, 2018.
Modify the Configuration for Instances You Can Access
If you are able to access your instances, run the following shell script to remove the 90-day credential rotation that was enabled by default.
if [ "$EUID" -ne 0 ]
then echo "Please run under sudo, or as root"
if [[ $( grep -c "Maipo" /etc/redhat-release ) -gt 0 ]]
# Oracle Linux 7
# Fix existing users
if [[ $( $CMD_PREFIX/bin/grep -c ":90:7:90:" /etc/shadow ) -gt 0 ]]; then
echo "Fixing affected users"
$CMD_PREFIX/bin/sed -i.bkp 's/:90:7:90:/:99999:7::/g' /etc/shadow
# Change the defaults from useradd: /etc/default/useradd
if [[ $( $CMD_PREFIX/bin/egrep -c "^INACTIVE=90" /etc/default/useradd ) -gt 0 ]]; then
echo "Fixing useradd defaults"
$CMD_PREFIX/bin/sed -i.bkp '/INACTIVE=90/d' /etc/default/useradd
$CMD_PREFIX/bin/sed -i.bkp2 's/#INACTIVE=-1/INACTIVE=-1/g' /etc/default/useradd
# Change the PAM defaults for new users
if [[ $( $CMD_PREFIX/bin/egrep -c "^PASS_MAX_DAYS 90" /etc/login.defs ) -gt 0 ]]; then
echo "Fixing PAM defaults"
$CMD_PREFIX/bin/sed -i.bkp '/PASS_MAX_DAYS 90/d' /etc/login.defs
$CMD_PREFIX/bin/sed -i.bkp2 's/#PASS_MAX_DAYS\s*99999/PASS_MAX_DAYS 99999/g' /etc/login.defs
Recovery Steps for Instances Where Access Is Denied
If access to the instance is denied, and you are unable to log in, do not terminate the instance. You will need to perform the recovery steps applicable to the Oracle Linux version to regain access, see one of the following topics: