Ensure password reuse is limited - pam_unix.so

Information

Forcing users not to reuse their past 5 passwords make it less likely that an attacker will be able to guess the password. Note that these change only apply to accounts configured on the local system.

Solution

Edit the /etc/pam.d/password-auth and /etc/pam.d/system-auth files to include the remember option and conform to site policy as shown: password sufficient pam_unix.so remember=5

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(e), CSCv6|16

Plugin: Unix

Control ID: eaa9ebbeb91b8b97e7ab5e560cc02004c47016ae3f72f32a57acc31f1a9f66d9