Detections
Analytics
PHTN-40-000243 - The Photon operating system must be configured to use the pam_pwhistory.so module.
Information
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.Solution
Navigate to and open:/etc/pam.d/system-password
Add or update the pam_pwhistory.so module line as follows:
password required pam_pwhistory.so remember=5 retry=3 enforce_for_root use_authtok
Note: The line must be configured after pam_pwquality.so.
Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip
Item Details
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(1)(b), CAT|II, CCI|CCI-004061, Rule-ID|SV-258902r1003655_rule, STIG-ID|PHTN-40-000243, Vuln-ID|V-258902
Plugin: Unix
Control ID: 426b690f8b4b304a330daeea428bc0b35634d0a8b20d4f4f72710691c9026874