OL07-00-010270 - The Oracle Linux operating system must be configured so that passwords are prohibited from reuse for a minimum of five generations.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.

Solution

Configure the operating system to prohibit password reuse for a minimum of five generations.

Add the following line in '/etc/pam.d/system-auth' and '/etc/pam.d/password-auth' (or modify the line to have the required value):

password requisite pam_pwhistory.so use_authtok remember=5 retry=3

Note: Manual changes to the listed files may be overwritten by the 'authconfig' program. The 'authconfig' program should not be used to update the configurations listed in this requirement.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_7_V2R5_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000200, Rule-ID|SV-221685r603260_rule, STIG-ID|OL07-00-010270, STIG-Legacy|SV-108213, STIG-Legacy|V-99109, Vuln-ID|V-221685

Plugin: Unix

Control ID: 416b54fae8188d34bbbe8076938ab503b0f6b38c4630d82514bf6eeca1199ff9