RHEL-06-000274 - The system must prohibit the reuse of passwords within five iterations - system-auth.

Information

Preventing reuse of previous passwords helps ensure that a compromised password is not reused by a user.

Solution

Do not allow users to reuse recent passwords. This can be accomplished by using the 'remember' option for the 'pam_pwhistory' PAM module. In the file '/etc/pam.d/system-auth' and /etc/pam.d/password-auth, append 'remember=5' to the lines that refer to the 'pam_pwhistory.so' module, as shown:

password required pam_pwhistory.so [existing_options] remember=5

or

password requisite pam_pwhistory.so [existing_options] remember=5

The DoD requirement is five passwords.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(e), CAT|II, CCI|CCI-000200, Rule-ID|SV-218026r603264_rule, STIG-ID|RHEL-06-000274, STIG-Legacy|SV-50459, STIG-Legacy|V-38658, Vuln-ID|V-218026

Plugin: Unix

Control ID: 2a85850f5eefd4b7dc6898c7518989ab4d65db31f7ef74864727efef2240cf57