← Back to Riverbed NetIM OS Security Technical Implementation Guide

V-275656

CAT II (Medium)

Ubuntu OS must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

Rule ID

SV-275656r1148018_rule

STIG

Riverbed NetIM OS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-004061 CCI-004064 CCI-004065 CCI-000366

Discussion

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system. Satisfies: SRG-OS-000710-GPOS-00160, SRG-OS-000725-GPOS-00180, SRG-OS-000730-GPOS-00190, SRG-OS-000480-GPOS-00225

Check Content

Verify Ubuntu OS enforces password complexity rules by using the following command:   
 
     $ grep -i enforcing /etc/security/pwquality.conf  
     enforcing = 1  
  
If "enforcing" is not "1", is commented out, or is missing, this is a finding.  
  
Check for the use of "pwquality" by using the following command:  
  
     $ cat /etc/pam.d/common-password | grep requisite | grep pam_pwquality 
      password     requisite     pam_pwquality.so retry=3  
  
If "retry" is set to "0" or is greater than "3", or is missing, this is a finding.

Fix Text

Configure Ubuntu OS to enforce password complexity rules. 
  
Add or modify the following line in the "/etc/security/pwquality.conf" file: 
  
enforcing = 1  
  
Add or modify the following line in the "/etc/pam.d/common-password" file: 
  
password requisite pam_pwquality.so retry=3  
  
Note: The value of "retry" should be between "1" and "3".