SV-217125r603262_rule
V-217125
SRG-OS-000480-GPOS-00227
SLES-12-010231
CAT II
10
Configure the SUSE operating system to not allow blank or null passwords.
Remove any instances of the "nullok" option in "/etc/pam.d/common-auth" and "/etc/pam.d/common-password" to prevent logons with empty passwords.
Verify the SUSE operating is not configured to allow blank or null passwords.
Check that blank or null passwords cannot be used by running the following command:
# grep pam_unix.so /etc/pam.d/* | grep nullok
If this produces any output, it may be possible to log on with accounts with empty passwords.
If null passwords can be used, this is a finding.
V-217125
False
SLES-12-010231
Verify the SUSE operating is not configured to allow blank or null passwords.
Check that blank or null passwords cannot be used by running the following command:
# grep pam_unix.so /etc/pam.d/* | grep nullok
If this produces any output, it may be possible to log on with accounts with empty passwords.
If null passwords can be used, this is a finding.
M
4033