ALMA-09-037530 - AlmaLinux OS 9 must be configured so that the Pluggable Authentication Module is configured to store only encrypted representations of passwords.

Information

Passwords must be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

The system must use a strong hashing algorithm to store the password.

Solution

Configure AlmaLinux OS 9 to use the SHA-512 algorithm for password hashing.

Edit/modify the following line in the "/etc/pam.d/password-auth" file to include the sha512 option for pam_unix.so:

password sufficient pam_unix.so sha512 shadow rounds=100000 use_authtok

Item Details

Audit Name: DISA Cloud Linux AlmaLinux OS 9 STIG v1r6

Category: IDENTIFICATION AND AUTHENTICATION

Plugin: Unix

Control ID: d38c76583390206b06a1d5e31430db305e09ef065de83bda1bd6e6f88e7c85ca

Detections

Analytics

ALMA-09-037530 - AlmaLinux OS 9 must be configured so that the Pluggable Authentication Module is configured to store only encrypted representations of passwords.

Information

Solution

See Also

Item Details