SV-204406r603261_rule
V-204406
SRG-OS-000069-GPOS-00037
RHEL-07-010119
CAT II
10
Configure the operating system to use "pwquality" to enforce password complexity rules.
Add the following line to "/etc/pam.d/system-auth" (or modify the line to have the required value):
password required pam_pwquality.so retry=3
Note: The value of "retry" should be between "1" and "3".
Verify the operating system uses "pwquality" to enforce the password complexity rules.
Check for the use of "pwquality" with the following command:
# cat /etc/pam.d/system-auth | grep pam_pwquality
password required pam_pwquality.so retry=3
If the command does not return an uncommented line containing the value "pam_pwquality.so", this is a finding.
If the value of "retry" is set to "0" or greater than "3", this is a finding.
V-204406
False
RHEL-07-010119
Verify the operating system uses "pwquality" to enforce the password complexity rules.
Check for the use of "pwquality" with the following command:
# cat /etc/pam.d/system-auth | grep pam_pwquality
password required pam_pwquality.so retry=3
If the command does not return an uncommented line containing the value "pam_pwquality.so", this is a finding.
If the value of "retry" is set to "0" or greater than "3", this is a finding.
M
2899