5.3.1 Ensure password creation requirements are configured - lcredit

Information

Strong passwords protect systems from being hacked through brute force methods.

Solution

Edit the /etc/pam.d/password-auth and /etc/pam.d/system-auth files to include the appropriate options for pam_pwquality.so and to conform to site policy:
password requisite pam_pwquality.so try_first_pass retry=3
Edit /etc/security/pwquality.conf to add or update the following settings to conform to site policy:
minlen=8
dcredit=-1
ucredit=-1
ocredit=-1
lcredit=-1

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CSCv6|5.7, CSCv6|16.12

Plugin: Unix

Control ID: 751b02842346aa604d6e6a5a8d3363879b4b26d24e7b6a638fd6621b00238943