Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Photon operating system must enforce password complexity on the root account.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239188 | PHTN-67-000117 | SV-239188r675372_rule | Medium |
| Description |
|---|
| Password complexity rules must apply to all accounts on the system, including root. Without specifying the enforce_for_root flag, pam_cracklib does not apply complexity rules to the root user. While root users can find ways around this requirement, given its superuser power, it is necessary to attempt to force compliance. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42399r675370_chk ) |
|---|
| At the command line, execute the following command: # grep pam_cracklib /etc/pam.d/system-password|grep --color=always "enforce_for_root" Expected result: password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root If the output does not match the expected result, this is a finding. |
| Fix Text (F-42358r675371_fix) |
|---|
| Open /etc/pam.d/system-password with a text editor. Add the following, replacing any existing "pam_cracklib.so" line: password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root |