STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

DISA Rule

SV-221680r603260_rule

Vulnerability Number

V-221680

Group Title

SRG-OS-000073-GPOS-00041

Rule Version

OL07-00-010220

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to store only SHA512 encrypted representations of passwords.

Add or update the following line in "/etc/libuser.conf" in the [defaults] section:

crypt_style = sha512

Check Contents

Verify the user and group account administration utilities are configured to store only encrypted representations of passwords. The strength of encryption that must be used to hash passwords for all accounts is "SHA512".

Check that the system is configured to create "SHA512" hashed passwords with the following command:

# grep -i sha512 /etc/libuser.conf

crypt_style = sha512

If the "crypt_style" variable is not set to "sha512", is not in the defaults section, is commented out, or does not exist, this is a finding.

Vulnerability Number

V-221680

Documentable

False

Rule Version

OL07-00-010220

Severity Override Guidance

Verify the user and group account administration utilities are configured to store only encrypted representations of passwords. The strength of encryption that must be used to hash passwords for all accounts is "SHA512".

Check that the system is configured to create "SHA512" hashed passwords with the following command:

# grep -i sha512 /etc/libuser.conf

crypt_style = sha512

If the "crypt_style" variable is not set to "sha512", is not in the defaults section, is commented out, or does not exist, this is a finding.

Check Content Reference

M

Target Key

4089

Comments