STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

DISA Rule

SV-204417r603261_rule

Vulnerability Number

V-204417

Group Title

SRG-OS-000073-GPOS-00041

Rule Version

RHEL-07-010220

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to store only SHA512 encrypted representations of passwords.

Add or update the following line in "/etc/libuser.conf" in the [defaults] section:

crypt_style = sha512

Check Contents

Verify the user and group account administration utilities are configured to store only encrypted representations of passwords. The strength of encryption that must be used to hash passwords for all accounts is "SHA512".

Check that the system is configured to create "SHA512" hashed passwords with the following command:

# grep -i sha512 /etc/libuser.conf

crypt_style = sha512

If the "crypt_style" variable is not set to "sha512", is not in the defaults section, is commented out, or does not exist, this is a finding.

Vulnerability Number

V-204417

Documentable

False

Rule Version

RHEL-07-010220

Severity Override Guidance

Verify the user and group account administration utilities are configured to store only encrypted representations of passwords. The strength of encryption that must be used to hash passwords for all accounts is "SHA512".

Check that the system is configured to create "SHA512" hashed passwords with the following command:

# grep -i sha512 /etc/libuser.conf

crypt_style = sha512

If the "crypt_style" variable is not set to "sha512", is not in the defaults section, is commented out, or does not exist, this is a finding.

Check Content Reference

M

Target Key

2899

Comments