Check: OL6-00-000299
Oracle Linux 6 STIG:
OL6-00-000299
(in versions v2 r7 through v1 r14)
Title
The system must require passwords to contain no more than three consecutive repeating characters. (Cat III impact)
Discussion
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
Check Content
To check the maximum value for consecutive repeating characters, run the following command:

$ grep pam_cracklib /etc/pam.d/system-auth /etc/pam.d/password-auth

Look for the value of the "maxrepeat" parameter. The DoD requirement is "3". If "maxrepeat" is not found, is set to zero, or is set to a value greater than "3", this is a finding.
Fix Text
The pam_cracklib module's "maxrepeat" parameter controls requirements for consecutive repeating characters. When set to a positive number, it rejects passwords that contain more than that number of consecutive identical characters. Edit /etc/pam.d/system-auth and /etc/pam.d/password-auth, adding "maxrepeat=3" after pam_cracklib.so to prevent a run of (3 + 1) or more identical characters:

password required pam_cracklib.so maxrepeat=3
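The check logic above (option absent, zero, or greater than 3 is a finding), as an added POSIX shell audit helper that is not part of the STIG text. The function name check_maxrepeat and the sample PAM lines in the usage are constructed for illustration; it only inspects the uncommented password-stack line that loads pam_cracklib.so.

```shell
#!/bin/sh
# Audit helper for OL6-00-000299 (added example, not from the STIG).
# check_maxrepeat FILE prints "pass: ..." or "finding: ..." and returns
# 0 when maxrepeat is set to 1..3, 1 otherwise.
check_maxrepeat() {
    file="$1"
    # Only an active (uncommented) password line loading pam_cracklib.so counts.
    line=$(grep -E '^[[:space:]]*password.*pam_cracklib\.so' "$file" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "finding: no active pam_cracklib line in $file"
        return 1
    fi
    # Numeric value after "maxrepeat="; empty when the option is absent.
    value=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]maxrepeat=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$value" ]; then
        echo "finding: maxrepeat not set in $file"
        return 1
    fi
    # Zero disables the check; anything above 3 is weaker than the DoD requirement.
    if [ "$value" -eq 0 ] || [ "$value" -gt 3 ]; then
        echo "finding: maxrepeat=$value in $file (required: 3)"
        return 1
    fi
    echo "pass: maxrepeat=$value in $file"
    return 0
}

# Usage on a real host (both files must pass):
# check_maxrepeat /etc/pam.d/system-auth && check_maxrepeat /etc/pam.d/password-auth
```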
Additional Identifiers
Rule ID: SV-209029r793750_rule
Vulnerability ID: V-209029
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition
---|---
CCI-000366 | The organization implements the security configuration settings.
Controls
Number | Title
---|---
CM-6 | Configuration Settings