SV-234888r622137_rule
V-234888
SRG-OS-000073-GPOS-00041
SLES-15-020190
CAT II
10
Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash.
Edit/modify the following line in the "/etc/login.defs" file and set "SHA_CRYPT_MIN_ROUNDS" to a value no lower than "5000":
SHA_CRYPT_MIN_ROUNDS 5000
Verify the SUSE operating system configures the shadow password suite configuration to encrypt passwords using a strong cryptographic hash.
Check that a minimum number of hash rounds is configured by running the following command:
> egrep "^SHA_CRYPT_" /etc/login.defs
If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.
V-234888
False
SLES-15-020190
Verify the SUSE operating system configures the shadow password suite configuration to encrypt passwords using a strong cryptographic hash.
Check that a minimum number of hash rounds is configured by running the following command:
> egrep "^SHA_CRYPT_" /etc/login.defs
If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.
M
5274