SV-99409r1_rule
V-88759
SRG-OS-000480-GPOS-00225
VROM-SL-001475
CAT II
10
Edit "/etc/pam.d/common-password" and configure "pam_cracklib" by adding a line such as "password requisite pam_cracklib.so".
Check "/etc/pam.d/common-password" for "pam_cracklib" configuration:
# grep pam_cracklib /etc/pam.d/common-password*
If "pam_cracklib" is not present, this is a finding.
Ensure the passwd command uses the common-password settings.
# grep common-password /etc/pam.d/passwd
If a line "password include common-password" is not found then the password checks in common-password will not be applied to new passwords, this is a finding.
V-88759
False
VROM-SL-001475
Check "/etc/pam.d/common-password" for "pam_cracklib" configuration:
# grep pam_cracklib /etc/pam.d/common-password*
If "pam_cracklib" is not present, this is a finding.
Ensure the passwd command uses the common-password settings.
# grep common-password /etc/pam.d/passwd
If a line "password include common-password" is not found then the password checks in common-password will not be applied to new passwords, this is a finding.
M
3461