|Platform: ubuntu14.04||Date: (C)2017-03-14 (M)2019-02-28|
Set Password Creation Requirement Parameters Using pam_cracklib (Scored)
The pam_cracklib module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the pam_cracklib.so options.
* retry=3 - Allow 3 tries before sending back a failure.
* minlen=14 - password must be 14 characters or more
* dcredit=-1 - provide at least one digit
* ucredit=-1 - provide at least one uppercase character
* ocredit=-1 - provide at least one special character
* lcredit=-1 - provide at least one lowercase character
The setting shown above is one possible policy. Alter these values to conform to your own organization's password policies.
Strong passwords protect systems from being hacked through brute force methods.
Set the pam_cracklib.so parameters as follows in /etc/pam.d/common-password:
password required pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:33925|