An XCCDF Group - A logical subset of the XCCDF Benchmark
/etc/pam.d
/etc/pam.d/login
/etc/pam.d/system-auth
/etc/security/opasswd
$ sudo grep pam_succeed_if /etc/pam.d/sudo
pam_lastlog
showfailed
session optional pam_lastlog.so showfailed
silent
session required pam_namespace.so
pam_faillock
/usr/share/doc/pam-VERSION/txts/README.pam_faillock
remember
pam_pwhistory
/etc/pam.d/common-password
use_authtok
password requisite pam_pwhistory.so ...existing_options... remember= use_authtok
pam_unix
pam_faildelay
/etc/pam.d/common-auth
delay
auth required pam_faildelay.so delay=
root
pam_tally2.so
pam_pwquality
pam_pwquality(8)
pam_cracklib
password requisite pam_cracklib.so try_first_pass retry=3
password required pam_cracklib.so try_first_pass retry=3 maxrepeat=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=4
dcredit
dcredit=-1
difok
lcredit=
lcredit=-1
minlen
minlen=
ocredit=
ocredit
retry
retry=1
ucredit=
ucredit=-1
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
/etc/security/pwquality.conf
difok = 4 minlen = 14 dcredit = -1 ucredit = -1 lcredit = -1 ocredit = -1 maxrepeat = 3
pam_pwquality.so
retry=
/etc/shadow
auth
pam_unix.so
sha512
auth required pam_unix.so sha512 other arguments...
/etc/libuser.conf
[defaults]
crypt_style = sha512
/etc/login.defs
ENCRYPT_METHOD
password
password required pam_unix.so sha512 other arguments...
SHA_CRYPT_MIN_ROUNDS
SHA_CRYPT_MAX_ROUNDS
5000
SHA_CRYPT_MIN_ROUNDS 5000 SHA_CRYPT_MAX_ROUNDS 5000