STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

DISA Rule

SV-221667r603260_rule

Vulnerability Number

V-221667

Group Title

SRG-OS-000069-GPOS-00037

Rule Version

OL07-00-010118

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.

Add the following line to "/etc/pam.d/passwd" (or modify the line to have the required value):

password substack system-auth

Check Contents

Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth when changing passwords:

# cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth
password substack system-auth

If no results are returned, the line is commented out, this is a finding.

Vulnerability Number

V-221667

Documentable

False

Rule Version

OL07-00-010118

Severity Override Guidance

Verify that /etc/pam.d/passwd is configured to use /etc/pam.d/system-auth when changing passwords:

# cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth
password substack system-auth

If no results are returned, the line is commented out, this is a finding.

Check Content Reference

M

Target Key

4089

Comments