Check: SOL-11.1-040190
Solaris 11 x86 STIG:
SOL-11.1-040190
(in versions v2 r10 through v1 r10)
Title
The system must prevent the use of dictionary words for passwords. (Cat II impact)
Discussion
The use of common words in passwords simplifies password-cracking attacks.
Check Content
Check /etc/default/passwd for dictionary check configuration. # grep ^DICTION /etc/default/passwd If the DICTIONLIST or DICTIONDBDIR settings are not present and are not set to: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd this is a finding. Determine if the target files exist. # ls -l /usr/share/lib/dict/words /var/passwd If the files defined by DICTIONLIST or DICTIONBDIR are not present or are empty, this is a finding.
Fix Text
The root role is required. # pfedit /etc/default/passwd Insert the lines: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd Generate the password dictionary by running the mkpwdict command. # mkpwdict -s /usr/share/lib/dict/words
Additional Identifiers
Rule ID: SV-216103r603268_rule
Vulnerability ID: V-216103
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |