5.3.1 Ensure password creation requirements are configured - system-auth ocredit

Information

Strong passwords protect systems from being hacked through brute force methods.

Solution

Edit the /etc/pam.d/password-auth and /etc/pam.d/system-auth files to include the appropriate options for pam_cracklib.so and to conform to site policy:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1

See Also

https://workbench.cisecurity.org/files/1857

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv6|5.7, CSCv6|16.12

Plugin: Unix

Control ID: ed37b8ce4fb035553f369d37c9ad4d11d720297ccbd7f7b76410019f6683a8dc