Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-214965 | UBTU-16-010270 | SV-214965r508033_rule | Medium |
Description |
---|
If the Ubuntu operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
STIG | Date |
---|---|
Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide | 2020-09-03 |
Check Text ( C-16164r284763_chk ) |
---|
Verify the "passwd" command uses the common-password settings. Check that the "passwd" command uses the common-password option with the following command: # grep common-password /etc/pam.d/passwd @ include common-password If the command does not return a line, or the line is commented out, this is a finding. |
Fix Text (F-16162r284764_fix) |
---|
Configure the Ubuntu operating system to prevent the use of dictionary words for passwords. Edit the file "/etc/pam.d/passwd" and add the following line: @ include common-password |