Check: UBTU-20-010056
Canonical Ubuntu 20.04 LTS STIG:
UBTU-20-010056
(in versions v1 r12 through v1 r1)
Title
The Ubuntu operating system must prevent the use of dictionary words for passwords. (Cat II impact)
Discussion
If the Ubuntu operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
Check Content
Verify the Ubuntu operating system uses the "cracklib" library to prevent the use of dictionary words with the following command: $ grep dictcheck /etc/security/pwquality.conf dictcheck=1 If the "dictcheck" parameter is not set to "1" or is commented out, this is a finding.
Fix Text
Configure the Ubuntu operating system to prevent the use of dictionary words for passwords. Add or update the following line in the "/etc/security/pwquality.conf" file to include the "dictcheck=1" parameter: dictcheck=1
Additional Identifiers
Rule ID: SV-238227r653856_rule
Vulnerability ID: V-238227
Group Title: SRG-OS-000480-GPOS-00225
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |