STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-4084

CAT II (Medium)

The system must prohibit the reuse of passwords within five iterations.

Rule ID

SV-44884r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000200

Discussion

If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.

Check Content

# pam-config -q --pwhistory
If the result is not’ password: remember=5’ or higher, then this is a finding.

# ls /etc/security/opasswd
If /etc/security/opasswd does not exist, then this is a finding.

# grep password /etc/pam.d/common-password| grep pam_pwhistory.so | grep remember
If the "remember" option in /etc/pam.d/common-password is not 5 or greater, this is a finding.

Fix Text

Create the password history file.
# touch /etc/security/opasswd
# chown root:root /etc/security/opasswd
# chmod 0600 /etc/security/opasswd

Configure pam to use password history.
# pam-config -a --pwhistory
# pam-config -a --pwhistory-remember=5