UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SUSE operating system must employ a password history file.


Overview

Finding ID Version Rule ID IA Controls Severity
V-217132 SLES-12-010300 SV-217132r603262_rule Medium
Description
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.
STIG Date
SLES 12 Security Technical Implementation Guide 2021-03-04

Details

Check Text ( C-18360r369552_chk )
Verify the password history file exists on the SUSE operating system.

Check that the password history file exists with the following command:

# ls -al /etc/security/opasswd

-rw------- 1 root root 7 Dec 13 17:21 /etc/security/opasswd

If "/etc/security/opasswd" does not exist, this is a finding.
Fix Text (F-18358r369553_fix)
Configure the SUSE operating system to create the password history file with the following commands:

# sudo touch /etc/security/opasswd
# sudo chown root:root /etc/security/opasswd
# sudo chmod 0600 /etc/security/opasswd