ESXI-06-000033 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.

Information

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise.

Solution

To set the remember option, add or correct the following line in '/etc/pam.d/passwd':

password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512 remember=5

See Also

http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-63235, Rule-ID|SV-77725r1_rule, STIG-ID|ESXI-06-000033, Vuln-ID|V-63235

Plugin: Unix

Control ID: 5618026c3e933a83bac4b7c29d12bf84aea439e4f6ddb9b4354b6b0df03fa599