The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

An XCCDF Rule

Details
Profiles

Description

Pluggable authentication modules (PAM) allow for a modular approach to integrating authentication methods. PAM operates in a top-down processing model and if the modules are not listed in the correct order, an important security function could be bypassed if stack entries are not centralized.

ID: SV-204405r603261_rule
Version: RHEL-07-010118
Severity: Medium
References: CCI-000192
Updated: 5 days ago

Remediation Templates

Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.

Add the following line to "/etc/pam.d/passwd" (or modify the line to have the required value):

password     substack    system-auth

The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

Description

Remediation Templates

A Manual Procedure