Skip to content

Set Password Strength Minimum Uppercase Characters

An XCCDF Rule

Description

The pam_cracklib module's ucredit= parameter controls requirements for usage of uppercase letters in a password. When set to a negative number, any password will be required to contain that many uppercase characters. When set to a positive number, pam_cracklib will grant +1 additional length credit for each uppercase character. Add ucredit=-1 after pam_cracklib.so to require use of an upper case character in passwords.

Rationale

Requiring a minimum number of uppercase characters makes password guessing attacks more difficult by ensuring a larger search space.

ID
xccdf_org.ssgproject.content_rule_cracklib_accounts_password_pam_ucredit
Severity
Medium
References
Updated



Remediation - Ansible

- name: XCCDF Value var_password_pam_ucredit # promote to variable
  set_fact:
    var_password_pam_ucredit: !!str <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_password_pam_ucredit" use="legacy"/>
  tags:
    - always


Remediation - Shell Script


declare -a VALUES=()
declare -a VALUE_NAMES=()
declare -a ARGS=()
declare -a NEW_ARGS=()