Check: OL6-00-000063
Oracle Linux 6 STIG:
OL6-00-000063
(in versions v2 r7 through v1 r9)
Title
The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs). (Cat II impact)
Discussion
Using a stronger hashing algorithm makes password cracking attacks more difficult.
Check Content
Inspect "/etc/login.defs" and ensure the following line appears: ENCRYPT_METHOD SHA512 If it does not, this is a finding.
Fix Text
In "/etc/login.defs", add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm: ENCRYPT_METHOD SHA512
Additional Identifiers
Rule ID: SV-208838r793623_rule
Vulnerability ID: V-208838
Group Title: SRG-OS-000120
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000803 |
The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. |
Controls
Number | Title |
---|---|
IA-7 |
Cryptographic Module Authentication |