STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.

DISA Rule

SV-204407r603261_rule

Vulnerability Number

V-204407

Group Title

SRG-OS-000069-GPOS-00037

Rule Version

RHEL-07-010120

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to enforce password complexity by requiring that at least one upper-case character be used by setting the "ucredit" option.

Add the following line to "/etc/security/pwquality.conf" (or modify the line to have the required value):

ucredit = -1

Check Contents

Note: The value to require a number of upper-case characters to be set is expressed as a negative number in "/etc/security/pwquality.conf".

Check the value for "ucredit" in "/etc/security/pwquality.conf" with the following command:

# grep ucredit /etc/security/pwquality.conf
ucredit = -1

If the value of "ucredit" is not set to a negative value, this is a finding.

Vulnerability Number

V-204407

Documentable

False

Rule Version

RHEL-07-010120

Severity Override Guidance

Note: The value to require a number of upper-case characters to be set is expressed as a negative number in "/etc/security/pwquality.conf".

Check the value for "ucredit" in "/etc/security/pwquality.conf" with the following command:

# grep ucredit /etc/security/pwquality.conf
ucredit = -1

If the value of "ucredit" is not set to a negative value, this is a finding.

Check Content Reference

M

Target Key

2899

Comments