Detections
Analytics
RHEL-08-020101 - RHEL 8 must ensure the password complexity module is enabled in the system-auth file.
Information
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is set in both:
/etc/pam.d/password-auth
/etc/pam.d/system-auth
Solution
Configure the operating system to use "pwquality" to enforce password complexity rules.Add the following line to the "/etc/pam.d/system-auth" file (or modify the line to have the required value):
password requisite pam_pwquality.so
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V2R7_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 8 STIG v2r7
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-251713r1017366_rule, STIG-ID|RHEL-08-020101, Vuln-ID|V-251713
Plugin: Unix
Control ID: 31ccae3864b9c77d0ead31d58687c48f0a528b01c374e6e79b65a57d9cd1c72b