RHEL-07-010118 - The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Pluggable authentication modules (PAM) allow for a modular approach to integrating authentication methods. PAM operates in a top-down processing model and if the modules are not listed in the correct order, an important security function could be bypassed if stack entries are not centralized.

Solution

Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.

Add the following line to '/etc/pam.d/passwd' (or modify the line to have the required value):

password substack system-auth

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_7_V3R7_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CAT|II, CCI|CCI-000192, Rule-ID|SV-204405r603261_rule, STIG-ID|RHEL-07-010118, STIG-Legacy|SV-95715, STIG-Legacy|V-81003, Vuln-ID|V-204405

Plugin: Unix

Control ID: 34793b45da14889bc5fcd641525d8071f9fbf59169f61e42c2643530445c1227