STIGQter STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must enforce a minimum 15-character password length.

DISA Rule

SV-238225r653850_rule

Vulnerability Number

V-238225

Group Title

SRG-OS-000078-GPOS-00046

Rule Version

UBTU-20-010054

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to enforce a minimum 15-character password length.

Add or modify the "minlen" parameter value to the "/etc/security/pwquality.conf" file:

minlen=15

Check Contents

Verify the pwquality configuration file enforces a minimum 15-character password length by running the following command:

$ grep -i ^minlen /etc/security/pwquality.conf
minlen=15

If "minlen" parameter value is not "15" or higher or is commented out, this is a finding.

Vulnerability Number

V-238225

Documentable

False

Rule Version

UBTU-20-010054

Severity Override Guidance

Verify the pwquality configuration file enforces a minimum 15-character password length by running the following command:

$ grep -i ^minlen /etc/security/pwquality.conf
minlen=15

If "minlen" parameter value is not "15" or higher or is commented out, this is a finding.

Check Content Reference

M

Target Key

5318

Comments