The SLES for vRealize must prevent the use of dictionary words for passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239644 | VROM-SL-001475 | SV-239644r662383_rule | Medium |
| Description |
|---|
| If SLES for vRealize system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
| STIG | Date |
|---|---|
| VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide | 2021-07-01 |
Details
| Check Text ( C-42877r662381_chk ) |
|---|
| Check "/etc/pam.d/common-password" for "pam_cracklib" configuration: # grep pam_cracklib /etc/pam.d/common-password* If "pam_cracklib" is not present, this is a finding. Ensure the passwd command uses the common-password settings. # grep common-password /etc/pam.d/passwd If a line "password include common-password" is not found then the password checks in common-password will not be applied to new passwords, this is a finding. |
| Fix Text (F-42836r662382_fix) |
|---|
| Edit "/etc/pam.d/common-password" and configure "pam_cracklib" by adding a line such as "password requisite pam_cracklib.so". |