The SLES for vRealize must prevent the use of dictionary words for passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240545 | VRAU-SL-001505 | SV-240545r671376_rule | Medium |
| Description |
|---|
| If the operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Details
| Check Text ( C-43778r671374_chk ) |
|---|
| Verify the module "pam_cracklib.so" is present. # ls /lib/security/ Confirm that "pam_cracklib.so" is present in the directory listing. If "pam_cracklib.so" is not present, this is a finding. Verify the file "/etc/pam.d/common-password" is configured. # grep pam_cracklib /etc/pam.d/common-password* If a line containing "password required pam_cracklib.so" is not present, this is a finding. |
| Fix Text (F-43737r671375_fix) |
|---|
| Configure the SLES for vRealize to prevent the use of dictionary words for passwords. Edit the file "/etc/pam.d/common-password". Configure "common-password" by adding a line such as: password required pam_cracklib.so Save the changes made to the file "/etc/pam.d/common-password". |