The system must prohibit the reuse of passwords to 15 iterations.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4084	GEN000800 M6	SV-38632r1_rule	IAIA-1 IAIA-2	Medium

Description
If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at the user's password until it was guessed correctly.

STIG	Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide	2013-04-09

Details

Check Text ( C-37781r1_chk )
Open a terminal session and use the following command to view the setting for password history. sudo pwpolicy -n -getglobalpolicy \| tr " " "\n" \| grep usingHistory If the value of usingHistory is less than 15, this is a finding. NOTE: If the command returns a response of password server is not configured, the system is not managed. Use the following command for non-managed systems. pwpolicy -n /Local/Default -getglobalpolicy \| tr " " "\n" \| grep usingHistory

Check Text ( C-37781r1_chk )

Open a terminal session and use the following command to view the setting for password history.

sudo pwpolicy -n -getglobalpolicy | tr " " "\n" | grep usingHistory

If the value of usingHistory is less than 15, this is a finding.

NOTE: If the command returns a response of password server is not configured, the system is not managed. Use the following command for non-managed systems.

pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep usingHistory

Fix Text (F-33031r1_fix)
Open a terminal session and use the following command to set the value for usingHistory. sudo pwpolicy -n -setglobalpolicy "usingHistory=15" NOTE: For non-managed system, use the following command. pwpolicy -n /Local/Default -setglobalpolicy "usingHistory=15"