Title

The system must prevent the use of dictionary words for passwords. (Cat II impact)

Discussion

The use of common words in passwords simplifies password-cracking attacks.

Check Content

Check /etc/default/passwd for dictionary check configuration. # grep ^DICTION /etc/default/passwd If the DICTIONLIST or DICTIONDBDIR settings are not present and are not set to: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd this is a finding. Determine if the target files exist. # ls -l /usr/share/lib/dict/words /var/passwd If the files defined by DICTIONLIST or DICTIONBDIR are not present or are empty, this is a finding.

Fix Text

The root role is required. # pfedit /etc/default/passwd Insert the lines: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd Generate the password dictionary by running the mkpwdict command. # mkpwdict -s /usr/share/lib/dict/words

Additional Identifiers

Rule ID: SV-216338r603267_rule

Vulnerability ID: V-216338

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.