An XCCDF Group - A logical subset of the XCCDF Benchmark
/etc/pam.d
/etc/pam.d/login
/etc/pam.d/system-auth
/etc/security/opasswd
$ sudo grep pam_succeed_if /etc/pam.d/sudo
pam_lastlog
/etc/pam.d/postlogin
showfailed
session [default=1] pam_lastlog.so showfailed
silent
pam_faillock
/usr/share/doc/pam-VERSION/txts/README.pam_faillock
remember
pam_pwhistory
authselect
authselect enable-feature with-pwhistory
/etc/security/pwhistory.conf
pam_pwquality
pam_pwquality(8)
pam_cracklib
password requisite pam_cracklib.so try_first_pass retry=3
password required pam_cracklib.so try_first_pass retry=3 maxrepeat=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=4
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
/etc/security/pwquality.conf
difok = 4 minlen = 14 dcredit = -1 ucredit = -1 lcredit = -1 ocredit = -1 maxrepeat = 3
minclass
* Upper-case characters * Lower-case characters * Digits * Special characters (for example, punctuation)
minlen
minlen=
pam_pwquality.so
retry=
/etc/shadow
password
pam_unix.so
sha512
password sufficient pam_unix.so sha512 other arguments...