Detections
Analytics

1.62 UBTU-24-300016

Information

The operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

GROUP ID: V-270705
SV-270705r1066604

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.

Solution

Configure the operating system to use "pwquality" to enforce password complexity rules.

Add or modify the following line in the "/etc/security/pwquality.conf" file:

enforcing = 1

Add or modify the following line in the "/etc/pam.d/common-password" file:

password requisite pam_pwquality.so retry=3

Note: The value of "retry" should be between "1" and "3".

See Also

https://workbench.cisecurity.org/benchmarks/22775

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, CSCv7|4.4, STIG-ID|UBTU-24-300016, Vuln-ID|V-270705

Plugin: Unix

Control ID: 0eb6f547d0002b2210957dcc7e67b8db60beecfa838a8e4b79312474f0751380