Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240545 | VRAU-SL-001505 | SV-240545r671376_rule | Medium |
Description |
---|
If the operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Check Text ( C-43778r671374_chk ) |
---|
Verify the module "pam_cracklib.so" is present. # ls /lib/security/ Confirm that "pam_cracklib.so" is present in the directory listing. If "pam_cracklib.so" is not present, this is a finding. Verify the file "/etc/pam.d/common-password" is configured. # grep pam_cracklib /etc/pam.d/common-password* If a line containing "password required pam_cracklib.so" is not present, this is a finding. |
Fix Text (F-43737r671375_fix) |
---|
Configure the SLES for vRealize to prevent the use of dictionary words for passwords. Edit the file "/etc/pam.d/common-password". Configure "common-password" by adding a line such as: password required pam_cracklib.so Save the changes made to the file "/etc/pam.d/common-password". |