Solaris 11 X86 STIG Version Comparison
Solaris 11 X86 Security Technical Implementation Guide
Comparison
There are 13 differences between versions v2 r10 (April 24, 2024) (the "left" version) and v3 r2 (Jan. 30, 2025) (the "right" version).
Check SOL-11.1-040050 was removed from the benchmark in the "right" version. The text below reflects the old wording.
Text Differences
Title
Users must not reuse the last 5 passwords.
Check Content
Determine if the password history setting is configured properly.

# grep ^HISTORY /etc/default/passwd

If HISTORY is commented out or is not set to 5 or more, this is a finding.
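The check above, scripted as an added example that is not part of the STIG text: it applies the same ^HISTORY anchor and also flags empty or non-numeric values. The function name check_history, the sample files, and the rule that every uncommented HISTORY line must comply when several exist are assumptions of this example.

```shell
#!/bin/sh
# Added example (not STIG text): audit HISTORY in a passwd defaults file.
# Usage: check_history FILE [MIN]; returns 0 if compliant, 1 if a finding.
# Assumption: if several uncommented HISTORY lines exist, all must comply.
check_history() {
    file=$1
    min=${2:-5}
    if [ ! -r "$file" ]; then
        echo "FINDING: $file is missing or unreadable"
        return 1
    fi
    # Same anchor as the STIG check: commented-out lines never match.
    if ! lines=$(grep '^HISTORY' "$file"); then
        echo "FINDING: HISTORY is commented out or not set"
        return 1
    fi
    rc=0
    while IFS= read -r line; do
        case $line in
            HISTORY=*) val=$(printf '%s' "${line#HISTORY=}" | tr -d ' \t\r') ;;
            *) echo "FINDING: unrecognized line: $line"; rc=1; continue ;;
        esac
        case $val in
            ''|*[!0-9]*) echo "FINDING: HISTORY value is not a number: $line"; rc=1 ;;
            *) if [ "$val" -ge "$min" ]; then
                   echo "OK: HISTORY=$val"
               else
                   echo "FINDING: HISTORY=$val is below $min"; rc=1
               fi ;;
        esac
    done <<EOF
$lines
EOF
    return $rc
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'PASSLENGTH=14\nHISTORY=5\n' > "$demo_dir/good"
printf 'PASSLENGTH=14\n#HISTORY=5\n' > "$demo_dir/commented"
printf 'HISTORY=3\n' > "$demo_dir/low"
for f in good commented low; do
    check_history "$demo_dir/$f" || true
done
```

On a host, run it as check_history /etc/default/passwd and treat a non-zero exit status as a finding.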
Discussion
Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. To meet password policy requirements, passwords need to be changed at specific policy-based intervals. If the operating system allows the user to consecutively reuse their password when the password has exceeded its defined lifetime, the end result is a password that is not changed, per policy requirements.
Fix
The root role is required.

# pfedit /etc/default/passwd

Locate the line containing:

HISTORY

Change the line to read:

HISTORY=5