Password pam_unix.so sha512 shadow remember=5 rounds=5000 # grep -i remember /etc/pam.d/common-password Verify that the Ubuntu operating system prevents passwords from being reused for a minimum of five generations by running the following command: If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.Ĭanonical Ubuntu 18.04 LTS Security Technical Implementation Guideĭetails Check Text ( C-20905r304868_chk ) Password sufficient pam_unix.Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the line containing the "pam_unix.so" line does not have the "remember" module argument set, or the value of the "remember" module argument is set to less than "5", this is a finding.Ĭonfigure the operating system to prohibit password reuse for a minimum of five generations.Īdd the following line in "/etc/pam.d/system-auth-ac" (or modify the line to have the required value): Password sufficient pam_unix.so use_authtok sha512 shadow remember=5 # grep -i remember /etc/pam.d/system-auth-ac Verify the operating system prohibits password reuse for a minimum of five generations.Ĭheck for the value of the "remember" argument in "/etc/pam.d/system-auth-ac" with the following command: Red Hat Enterprise Linux 7 Security Technical Implementation Guide If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
0 kommentar(er)
