Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240544 | VRAU-SL-001500 | SV-240544r671373_rule | | Medium |
Description |
---|
If the operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Check Text (C-43777r671371_chk) |
---|
Check "/etc/pam.d/common-password" for "pam_cracklib" configuration: `# grep pam_cracklib /etc/pam.d/common-password*` If "pam_cracklib" is not present, this is a finding. Ensure the "passwd" command uses the "common-password" settings: `# grep common-password /etc/pam.d/passwd` If the line "password include common-password" is not found, the password checks in "common-password" will not be applied to new passwords; this is a finding. |
Fix Text (F-43736r671372_fix) |
---|
Edit "/etc/pam.d/common-password" and configure "pam_cracklib" by adding a line such as: `password requisite pam_cracklib.so` |
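
One way to script the Check Text above, as an added example that is not part of the STIG: it skips commented-out lines, which the bare `grep` commands would also match. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): scripted form of the VRAU-SL-001500 check.
# Unlike a bare grep, it ignores commented-out lines.

# Succeeds if an active "password" line in common-password* loads pam_cracklib.so.
check_cracklib() {
    for f in "$1"/common-password*; do
        [ -f "$f" ] || continue
        awk '{ sub(/#.*/, "") }
             NF && $1 ~ /^-?password$/ && /pam_cracklib\.so/ { found = 1 }
             END { exit !found }' "$f" && return 0
    done
    return 1
}

# Succeeds if passwd contains an active "password include common-password" line.
check_passwd_include() {
    [ -f "$1/passwd" ] || return 1
    awk '{ sub(/#.*/, "") }
         $1 ~ /^-?password$/ && $2 == "include" && $3 == "common-password" { found = 1 }
         END { exit !found }' "$1/passwd"
}

# Run both checks against a PAM directory (default /etc/pam.d); returns 1 on a finding.
audit_pam_cracklib() {
    dir=${1:-/etc/pam.d}
    rc=0
    if ! check_cracklib "$dir"; then
        echo "FINDING: no active pam_cracklib.so line in $dir/common-password*"
        rc=1
    fi
    if ! check_passwd_include "$dir"; then
        echo "FINDING: $dir/passwd has no 'password include common-password' line"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "PASS: $dir"
    return "$rc"
}

# Constructed sample: pam_cracklib appears only in a comment, so grep alone would pass it.
demo=$(mktemp -d)
printf '%s\n' '#password requisite pam_cracklib.so' 'password required pam_unix2.so' > "$demo/common-password"
printf '%s\n' 'password include common-password' > "$demo/passwd"
audit_pam_cracklib "$demo" || true
rm -rf "$demo"
```

On a live system, run `audit_pam_cracklib` with no argument to check "/etc/pam.d".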