5.3.3.3.2 Ensure password history is enforced for the root user

Information

If the pwhistory enforce_for_root option is enabled, the module will enforce password history for the root user as well

Requiring users not to reuse their passwords make it less likely that an attacker will be able to guess the password or use a compromised password

Note: These change only apply to accounts configured on the local system.

Solution

Edit or add the following line in /etc/security/pwhistory.conf :

enforce_for_root

See Also

https://workbench.cisecurity.org/benchmarks/18209

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: 080fd8f9c6c6fba20e97dc26d760166a78e6b388626400872e3be59a6f1d74d2