5.3.1 Ensure password creation requirements are configured - password-auth try_first_pass

Information

Strong passwords protect systems from being hacked through brute force methods.

Solution

Edit the /etc/pam.d/password-auth and /etc/pam.d/system-auth files to include the appropriate options for pam_pwquality.so and to conform to site policy: password requisite pam_pwquality.so try_first_pass retry=3

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CSCv6|5.7, CSCv6|16.12

Plugin: Unix

Control ID: 3aa89ffc23fbbb4ec44e94908abe1513d703fda4f51dae7ca733506276705aed