An XCCDF Group - A logical subset of the XCCDF Benchmark
authselect
/etc/pam.d
/etc/pam.d/login
/etc/pam.d/system-auth
/etc/security/opasswd
pam_faillock
/usr/share/doc/pam-VERSION/txts/README.pam_faillock
remember
pam_unix
pam_pwhistory
pam_faillock.so
/etc/security/faillock.conf
deny = <count>
authconfig
root
fail_interval
fail_interval = <interval-in-seconds>
interval-in-seconds
unlock_time=<interval-in-seconds>
unlock_time
0
faillock
pam_pwquality
pam_pwquality(8)
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
/etc/security/pwquality.conf
difok = 4 minlen = 14 dcredit = -1 ucredit = -1 lcredit = -1 ocredit = -1 maxrepeat = 3
dcredit
lcredit
minclass
* Upper-case characters * Lower-case characters * Digits * Special characters (for example, punctuation)
minlen
minlen=
ocredit=
ocredit
pam_pwquality.so
retry=
ucredit=
ucredit
/etc/shadow
password
pam_unix.so
password sufficient pam_unix.so other arguments...
logind
/etc/systemd/logind.conf
[Login]
StopIdleSessionSec=
/etc/passwd
/etc/login.defs
passwd
su
login
login.defs(5)
PASS_MAX_DAYS
-M
PASS_MIN_DAYS
-m
PASS_WARN_AGE
-W
$ sudo chage -M 180 -m 7 -W 7 USER
PASS_MIN_LEN
15
12
$ sudo chage -M root
/etc/pam.d/password-auth
rounds
rounds=
password sufficient pam_unix.so ...existing_options... rounds=
sudo
/etc/securetty
/dev/console
/dev/tty*
/dev/vc/*
$ sudo echo > /etc/securetty
$ sudo mkdir --mode 000 /tmp/tmp-inst
/etc/security/namespace.conf
/tmp /tmp/tmp-inst/ level root,adm
$ sudo mkdir --mode 000 /var/tmp/tmp-inst
/var/tmp /var/tmp/tmp-inst/ level root,adm
TMOUT
/etc/profile
/etc/profile.d/tmout.sh
typeset -xr TMOUT=
declare -xr TMOUT=
typeset
$ sudo chgrp USER_GROUP /home/USER/.INIT_FILE
$ sudo chown USER /home/USER/.*
$ sudo chgrp USER_GROUP /home/USER/FILE_DIR
$ sudo chown -R USER /home/USER
$ sudo chmod 0750 /home/USER/FILE_DIR
0740
$ sudo chmod 0740 /home/USER/.INIT_FILE
umask
/etc/bashrc
UMASK
/etc/profile.d