Navigate

Check: RHEL-06-000064

Red Hat Enterprise Linux 6 STIG: RHEL-06-000064 (in versions v2 r2 through v1 r14)

Title

The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf). (Cat II impact)

Discussion

Using a stronger hashing algorithm makes password cracking attacks more difficult.

Check Content

Inspect "/etc/libuser.conf" and ensure the following line appears in the "[default]" section: crypt_style = sha512 If it does not, this is a finding.

Fix Text

In "/etc/libuser.conf", add or correct the following line in its "[defaults]" section to ensure the system will use the SHA-512 algorithm for password hashing: crypt_style = sha512

Additional Identifiers

Rule ID: SV-217900r603264_rule

Vulnerability ID: V-217900

Group Title: SRG-OS-000120

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000803	The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-7	Cryptographic Module Authentication