STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.

DISA Rule

SV-219175r610963_rule

Vulnerability Number

V-219175

Group Title

SRG-OS-000072-GPOS-00040

Rule Version

UBTU-18-010103

Severity

CAT III

CCI(s)

• CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to require the change of at least 8 characters when passwords are changed.

Add or update the "/etc/security/pwquality.conf" file to include the "difok=8" parameter:

difok=8

Check Contents

Verify the Ubuntu operating system requires the change of at least 8 characters when passwords are changed.

Determine if the field "difok" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "difok" /etc/security/pwquality.conf
difok=8

If the "difok" parameter is less than "8", or is commented out, this is a finding.

Vulnerability Number

V-219175

Documentable

False

Rule Version

UBTU-18-010103

Severity Override Guidance

Verify the Ubuntu operating system requires the change of at least 8 characters when passwords are changed.

Determine if the field "difok" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "difok" /etc/security/pwquality.conf
difok=8

If the "difok" parameter is less than "8", or is commented out, this is a finding.

Check Content Reference

M

Target Key

4055

Comments