Set Password Creation Requirement Parameters Using pam_cracklib
The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, that it meets a minimum length, that it contains a mix of character classes (e.g. alphabetic, numeric, other) and more. The following are definitions of the pam_cracklib.so options used here.
* retry=3 - allow 3 tries before sending back a failure
* minlen=14 - password must be 14 characters or more
* dcredit=-1 - require at least one digit
* ucredit=-1 - require at least one uppercase character
* ocredit=-1 - require at least one special character
* lcredit=-1 - require at least one lowercase character
The setting shown above is one possible policy. Alter these values to conform to your own organization's password policies.
[number digit char, number special char, number upper char, number lower char, 6 attempts, minimum length 6 or more]
Strong passwords protect systems from being hacked through brute force methods.
Fix:
Set the pam_cracklib.so parameters as follows in /etc/pam.d/common-password:
password required pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
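As an added example (not part of the SecPod entry), the following POSIX sh function audits a single pam_cracklib line against the thresholds stated above; the two sample lines are constructed, not taken from any real host.

```shell
#!/bin/sh
# Audit a pam_cracklib configuration line against the policy above.
# Returns 0 when every parameter is compliant, 1 otherwise, naming each failing option.

# get_opt LINE NAME -> print the value of NAME=VALUE on LINE, or nothing if absent
get_opt() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\(-\{0,1\}[0-9]\{1,\}\).*/\1/p"
}

# require_max LINE NAME LIMIT -> value must be present and <= LIMIT
require_max() {
    v=$(get_opt "$1" "$2")
    if [ -z "$v" ]; then echo "$2: missing"; return 1; fi
    if [ "$v" -gt "$3" ]; then echo "$2=$v exceeds $3"; return 1; fi
    return 0
}

# require_min LINE NAME LIMIT -> value must be present and >= LIMIT
require_min() {
    v=$(get_opt "$1" "$2")
    if [ -z "$v" ]; then echo "$2: missing"; return 1; fi
    if [ "$v" -lt "$3" ]; then echo "$2=$v below $3"; return 1; fi
    return 0
}

audit_cracklib_line() {
    line=$1
    # Commented-out lines and lines that do not load pam_cracklib.so are non-compliant.
    case $line in
        '#'*) echo "line is commented out"; return 1 ;;
        password*pam_cracklib.so*) ;;
        *) echo "not a password/pam_cracklib.so line"; return 1 ;;
    esac
    rc=0
    require_max "$line" retry 3 || rc=1
    require_min "$line" minlen 14 || rc=1
    # A negative credit is a minimum count: -1 or lower demands at least one char of that class.
    for c in dcredit ucredit ocredit lcredit; do
        require_max "$line" "$c" -1 || rc=1
    done
    return $rc
}

# Constructed sample lines for demonstration:
COMPLIANT='password required pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1'
WEAK='password required pam_cracklib.so retry=5 minlen=8 dcredit=1 ucredit=-1 lcredit=-1'

# To audit a live system, feed each uncommented password line of the file through it:
#   grep '^[[:space:]]*password' /etc/pam.d/common-password | while IFS= read -r l; do audit_cracklib_line "$l"; done
```

The WEAK line fails on retry, minlen, dcredit (a positive credit is a bonus, not a requirement) and the missing ocredit.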
oval:org.secpod.oval:def:55097
SCAP Repo OVAL Definition
2019-06-19