Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-261385 | SLEM-05-611050 | SV-261385r996586_rule | Medium |
| Description |
|---|
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide | 2024-06-04 |
Details
| Check Text ( C-65114r996584_chk ) |
|---|
| Verify SLEM 5 configures the Linux PAM to only store encrypted representations of passwords with the following command: > grep pam_unix.so /etc/pam.d/common-password password required pam_unix.so sha512 If the value "sha512" is not present in the line, the second column value is different from "requisite", the line is commented out, or the line is missing, this is a finding. |
| Fix Text (F-65022r996585_fix) |
|---|
| Configure SLEM 5 Linux PAM to only store encrypted representations of passwords. All account passwords must be hashed with SHA512 encryption strength. Edit "/etc/pam.d/common-password" and edit the line containing "pam_unix.so" to contain the SHA512 keyword after third column. Remove the "nullok" option if it exists. |