STIGQter STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must require the change of at least eight of the total number of characters when passwords are changed.

DISA Rule

SV-100221r1_rule

Vulnerability Number

V-89571

Group Title

SRG-OS-000072-GPOS-00040

Rule Version

VRAU-SL-000360

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

If "difok" was not set at all in /etc/pam.d/common-password-vmware.local then run the following command:

# sed -i '/pam_cracklib.so/ s/$/ difok-8/' /etc/pam.d/common-password-vmware.local

If "difok" was set incorrectly then run the following command to set it to "8":

# sed -i '/pam_cracklib.so/ s/difok=./difok=8/' /etc/pam.d/common-password-vmware.local

Check Contents

Check that at least eight characters need to be changed between old and new passwords during a password change by running the following command:

# grep pam_cracklib /etc/pam.d/common-password-vmware.local

The "difok" parameter indicates how many characters must be different. The DoD requires at least eight characters to be different during a password change. This would appear as "difok=8". If difok is not found or not set to at least "8", this is a finding.

Expected Result:
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=14 difok=8 retry=3

Vulnerability Number

V-89571

Documentable

False

Rule Version

VRAU-SL-000360

Severity Override Guidance

Check that at least eight characters need to be changed between old and new passwords during a password change by running the following command:

# grep pam_cracklib /etc/pam.d/common-password-vmware.local

The "difok" parameter indicates how many characters must be different. The DoD requires at least eight characters to be different during a password change. This would appear as "difok=8". If difok is not found or not set to at least "8", this is a finding.

Expected Result:
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=14 difok=8 retry=3

Check Content Reference

M

Target Key

3459

Comments