RHEL-06-000299 - The system must require passwords to contain no more than three consecutive repeating characters - password-auth.

Information

Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.

Solution

The pam_cracklib module's 'maxrepeat' parameter controls requirements for consecutive repeating characters. When set to a positive number N, it rejects passwords that contain a run of more than N consecutive identical characters (a value of 0, the default, disables the check).

Edit /etc/pam.d/system-auth and /etc/pam.d/password-auth adding 'maxrepeat=3' after pam_cracklib.so to prevent a run of (3 + 1) or more identical characters.

password required pam_cracklib.so maxrepeat=3
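The following is an added example, not part of the STIG text or of the Tenable audit plugin. It shows two things in POSIX shell: what the maxrepeat rule actually rejects (a run longer than N identical characters, as the page describes it, reimplemented here rather than taken from pam_cracklib's source), and how an auditor would verify that every uncommented 'password' line loading pam_cracklib.so carries a maxrepeat value between 1 and 3. The PAM fragments it checks are constructed sample files written to a temporary directory, so it does not touch /etc/pam.d/system-auth or /etc/pam.d/password-auth.

```sh
#!/bin/sh
# Added example, not part of the STIG text or the Tenable audit plugin.
# longest_run mirrors the rule described on the page; check_maxrepeat audits
# PAM files the way a compliance check would. Sample inputs are constructed.

# longest_run STRING: print the length of the longest run of consecutive
# identical characters in STRING (0 for an empty string).
longest_run() {
    printf '%s\n' "$1" | awk '{
        best = 0; run = 0; prev = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == prev) run++; else { run = 1; prev = c }
            if (run > best) best = run
        }
        print best
    }'
}

# exceeds_maxrepeat PASSWORD N: succeed (exit 0) when the password contains a
# run longer than N, i.e. when pam_cracklib maxrepeat=N would reject it.
exceeds_maxrepeat() {
    [ "$(longest_run "$1")" -gt "$2" ]
}

# check_maxrepeat FILE: succeed when at least one uncommented "password" line
# in FILE loads pam_cracklib.so and every such line carries maxrepeat=N with
# 1 <= N <= 3. Fail when the module is absent, the option is missing, or N is
# too large to satisfy the STIG.
check_maxrepeat() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        $1 == "password" && /pam_cracklib\.so/ {
            lines++
            ok = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^maxrepeat=[0-9]+$/) {
                    split($i, kv, "=")
                    if (kv[2] + 0 >= 1 && kv[2] + 0 <= 3) ok = 1
                }
            }
            if (!ok) bad++
        }
        END { if (lines == 0 || bad > 0) exit 1; exit 0 }
    ' "$1"
}

# Constructed sample PAM fragments (not copied from any real host).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '#%%PAM-1.0\npassword    requisite     pam_cracklib.so try_first_pass retry=3 maxrepeat=3\npassword    sufficient    pam_unix.so sha512 shadow try_first_pass\n' > "$SAMPLES/compliant"
printf 'password    requisite     pam_cracklib.so try_first_pass retry=3\n' > "$SAMPLES/missing_option"
printf 'password    requisite     pam_cracklib.so maxrepeat=5\n' > "$SAMPLES/too_high"
printf '# password requisite pam_cracklib.so maxrepeat=3\npassword sufficient pam_unix.so\n' > "$SAMPLES/commented_out"

for f in compliant missing_option too_high commented_out; do
    if check_maxrepeat "$SAMPLES/$f"; then
        echo "$f: PASS"
    else
        echo "$f: FAIL"
    fi
done

# Constructed sample passwords: only the one with a run of four is rejected.
for pw in 'correcthorse' 'xaaaay' 'aaabbb'; do
    if exceeds_maxrepeat "$pw" 3; then
        echo "'$pw': rejected (longest run $(longest_run "$pw"))"
    else
        echo "'$pw': accepted (longest run $(longest_run "$pw"))"
    fi
done
```

Note that the audit accepts any maxrepeat between 1 and 3 rather than only the literal value 3, since a stricter setting still satisfies the requirement; a line that is commented out does not count, which is why the fourth sample fails.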

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_6_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-218047r603264_rule, STIG-ID|RHEL-06-000299, STIG-Legacy|SV-50494, STIG-Legacy|V-38693, Vuln-ID|V-218047

Plugin: Unix

Control ID: 321ac949319387939b7398767758ba44d7dbf59c8ab19bbf8777ed59d0f54a6f