Disables password expiration and inactivity policies

[jovial]

This was causing the kayobe and kolla service accounts to be locked out of the system.

[jovial]

I've not tested this yet. It seems common to use 99999 but we may be able to use -1 instead. See: https://linux.die.net/man/1/chage

[MoteHue]

I've not tested this yet. It seems common to use 99999 but we may be able to use -1 instead. See: https://linux.die.net/man/1/chage

FWIW I found running the chage command with -1 didn't make any change, I figured that was why it's common to use 99999

[jovial]

At least on Ubuntu, you'd would of had to run the hardening before host configure, as by default, it doesn't change existing users without ubtu22cis_disruption_high:

ubuntu@will-controller-01:~$ sudo chage -l stack
Last password change                                    : Jul 08, 2024
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
ubuntu@will-controller-01:~$ sudo chage -l kolla
Last password change                                    : Jul 08, 2024
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

I've also found the logic in the shell command checking which entries to update will never increase the expiry:
"Ensure password expiration is 365 days or less". So may need some tasks to do this.