The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs).
DISA Rule
SV-208838r603263_rule
Vulnerability Number
V-208838
Group Title
SRG-OS-000120
Rule Version
OL6-00-000063
Severity
CAT II
CCI(s)
- CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
Weight
10
Fix Recommendation
In "/etc/login.defs", add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm:
ENCRYPT_METHOD SHA512
Check Contents
Inspect "/etc/login.defs" and ensure the following line appears:
ENCRYPT_METHOD SHA512
If it does not, this is a finding.
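One way to script the check above, as an added example that is not part of the STIG text. A plain search for the string also matches commented-out lines, so this reads only active lines. The function names and the sample file are constructed, and treating conflicting active lines as a finding is a conservative assumption made here, not something the rule states.

```shell
#!/bin/sh
# Added example (not part of the STIG text). Function names and the sample
# file are constructed for illustration.

# Print the value of every active (uncommented) ENCRYPT_METHOD line.
# awk's default field splitting ignores leading whitespace, and a line such
# as "#ENCRYPT_METHOD SHA512" has "#ENCRYPT_METHOD" as its first field, so
# commented-out settings are skipped. A line with no value prints "<empty>".
encrypt_method_values() {
    awk '$1 == "ENCRYPT_METHOD" { print ($2 == "" ? "<empty>" : $2) }' "$1"
}

# Exit status 0 = compliant, 1 = finding.
# A finding is raised when the file cannot be read, when no active line
# exists, or when any active line names something other than SHA512
# (assumption: conflicting lines are rejected rather than resolved).
check_encrypt_method() {
    values=$(encrypt_method_values "$1") || return 1
    [ -n "$values" ] || return 1
    for v in $values; do
        [ "$v" = "SHA512" ] || return 1
    done
    return 0
}

# Constructed sample: a commented-out weak setting, then the required line.
sample=$(mktemp)
printf '%s\n' '# ENCRYPT_METHOD MD5' 'ENCRYPT_METHOD SHA512' > "$sample"
if check_encrypt_method "$sample"; then
    echo "compliant"
else
    echo "finding"
fi
rm -f "$sample"

# On a real system: check_encrypt_method /etc/login.defs
```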
Documentable
False
Severity Override Guidance
Inspect "/etc/login.defs" and ensure the following line appears:
ENCRYPT_METHOD SHA512
If it does not, this is a finding.
Check Content Reference
M
Target Key
2928