STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

DISA Rule

SV-204406r603261_rule

Vulnerability Number

V-204406

Group Title

SRG-OS-000069-GPOS-00037

Rule Version

RHEL-07-010119

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to use "pwquality" to enforce password complexity rules.

Add the following line to "/etc/pam.d/system-auth" (or modify the line to have the required value):

password required pam_pwquality.so retry=3

Note: The value of "retry" should be between "1" and "3".

Check Contents

Verify the operating system uses "pwquality" to enforce the password complexity rules.

Check for the use of "pwquality" with the following command:

# cat /etc/pam.d/system-auth | grep pam_pwquality

password required pam_pwquality.so retry=3

If the command does not return an uncommented line containing the value "pam_pwquality.so", this is a finding.

If the value of "retry" is set to "0" or greater than "3", this is a finding.

Vulnerability Number

V-204406

Documentable

False

Rule Version

RHEL-07-010119

Severity Override Guidance

Verify the operating system uses "pwquality" to enforce the password complexity rules.

Check for the use of "pwquality" with the following command:

# cat /etc/pam.d/system-auth | grep pam_pwquality

password required pam_pwquality.so retry=3

If the command does not return an uncommented line containing the value "pam_pwquality.so", this is a finding.

If the value of "retry" is set to "0" or greater than "3", this is a finding.

Check Content Reference

M

Target Key

2899

Comments