The system must prohibit the reuse of passwords within five iterations.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4084	GEN000800	SV-37323r2_rule	IAIA-1 IAIA-2	Medium

Description
If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2014-07-02

Details

Check Text ( None )
None

Fix Text (F-31265r2_fix)
Create the password history file. # touch /etc/security/opasswd # chown root:root /etc/security/opasswd # chmod 0600 /etc/security/opasswd Enable password history. If /etc/pam.d/system-auth references /etc/pam.d/system-auth-ac refer to the man page for system-auth-ac for a description of how to add options not configurable with authconfig. Edit /etc/pam.d/system-auth to include the remember option on any "password pam_unix" or "password pam_history" lines set to at least 5.

Fix Text (F-31265r2_fix)

Create the password history file.
# touch /etc/security/opasswd
# chown root:root /etc/security/opasswd
# chmod 0600 /etc/security/opasswd

Enable password history.
If /etc/pam.d/system-auth references /etc/pam.d/system-auth-ac refer to the man page for system-auth-ac for a description of how to add options not configurable with authconfig. Edit /etc/pam.d/system-auth to include the remember option on any "password pam_unix" or "password pam_history" lines set to at least 5.