ANSSI-BP-028 (high)

Rules and Groups employed by this XCCDF Profile

Limit Password Reuse

Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_unix</code> or <...

Rule Medium Severity

Show

Lock Accounts After Failed Password Attempts

This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so...

Rule Medium Severity

Show

Set Interval For Counting Failed Password Attempts

Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an account after a number of inc...

Rule Medium Severity

Show

Set Lockout Time for Failed Password Attempts

This rule configures the system to lock out accounts during a specified time period after a number of incorrect login attempts using <code>pam_fail...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Minimum Digit Characters

The pam_pwquality module's <code>dcredit</code> parameter controls requirements for usage of digits in a password. When set to a negative number, a...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters

The pam_pwquality module's <code>lcredit</code> parameter controls requirements for usage of lowercase letters in a password. When set to a negativ...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Minimum Different Categories

The pam_pwquality module's <code>minclass</code> parameter controls requirements for usage of different character classes, or types, of character t...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Minimum Length

The pam_pwquality module's <code>minlen</code> parameter controls requirements for minimum characters required in a password. Add <code>minlen=<xcc...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Minimum Special Characters

The pam_pwquality module's <code>ocredit=</code> parameter controls requirements for usage of special (or "other") characters in a password. When s...

Rule Medium Severity

Show

Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session

To configure the number of retry prompts that are permitted per-session: Edit the <code>pam_pwquality.so</code> statement in <code>/etc/pam.d/com...

Rule Medium Severity

Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity

Modules