STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.

DISA Rule

SV-238224r653847_rule

Vulnerability Number

V-238224

Group Title

SRG-OS-000072-GPOS-00040

Rule Version

UBTU-20-010053

Severity

CAT III

CCI(s)

• CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to require the change of at least eight characters when passwords are changed.

Add or update the "/etc/security/pwquality.conf" file to include the "difok=8" parameter:

difok=8

Check Contents

Verify the Ubuntu operating system requires the change of at least eight characters when passwords are changed.

Determine if the field "difok" is set in the "/etc/security/pwquality.conf" file with the following command:

$ grep -i "difok" /etc/security/pwquality.conf
difok=8

If the "difok" parameter is less than "8" or is commented out, this is a finding.

Vulnerability Number

V-238224

Documentable

False

Rule Version

UBTU-20-010053

Severity Override Guidance

Verify the Ubuntu operating system requires the change of at least eight characters when passwords are changed.

Determine if the field "difok" is set in the "/etc/security/pwquality.conf" file with the following command:

$ grep -i "difok" /etc/security/pwquality.conf
difok=8

If the "difok" parameter is less than "8" or is commented out, this is a finding.

Check Content Reference

M

Target Key

5318

Comments