![]() Note: Manual changes to the listed files may be overwritten by the "authconfig" program. If the line containing the "pam_pwhistory.so" line does not have the "remember" module argument set, is commented out, or the value of the "remember" module argument is set to less than "5", this is a finding.Ĭonfigure the operating system to prohibit password reuse for a minimum of five generations.Īdd the following line in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" (or modify the line to have the required value): Password requisite pam_pwhistory.so use_authtok remember=5 retry=3 ![]() # grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth Verify the operating system prohibits password reuse for a minimum of five generations.Ĭheck for the value of the "remember" argument in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following command: ![]() Red Hat Enterprise Linux 7 Security Technical Implementation Guide If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |