Skip to content

Ensure PAM password complexity module is enabled in system-auth

An XCCDF Rule

Description

To enable PAM password complexity in system-auth file: Edit the password section in /etc/pam.d/system-auth to show password requisite pam_pwquality.so.

Rationale

Enabling PAM password complexity permits to enforce strong passwords and consequently makes the system less prone to dictionary attacks.

ID
xccdf_org.ssgproject.content_rule_accounts_password_pam_pwquality_system_auth
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-OL08-00-020101
  - accounts_password_pam_pwquality_system_auth

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q pam; then

if [ -e "/etc/pam.d/system-auth" ] ; then
    PAM_FILE_PATH="/etc/pam.d/system-auth"
    if [ -f /usr/bin/authselect ]; then