Set Password Maximum Consecutive Repeating Characters
An XCCDF Rule
Description
The pam_pwquality module's maxrepeat
parameter controls requirements for
consecutive repeating characters. When set to a positive number, it will reject passwords
which contain more than that number of consecutive characters. Modify the maxrepeat
setting
in /etc/security/pwquality.conf
to equal
Rationale
Use of a complex password helps to increase the time and resources required to compromise the password.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at
guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more
complex the password, the greater the number of possible combinations that need to be tested before the
password is compromised.
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
- ID
- xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-RHEL-09-611125
- NIST-800-53-CM-6(a)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q pam; then
var_password_pam_maxrepeat='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_password_pam_maxrepeat" use="legacy"/>'