STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.

DISA Rule

SV-219172r610963_rule

Vulnerability Number

V-219172

Group Title

SRG-OS-000069-GPOS-00037

Rule Version

UBTU-18-010100

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Add or update the "/etc/security/pwquality.conf" file to contain the "ucredit" parameter:

ucredit=-1

Check Contents

Verify the Ubuntu operating system enforces password complexity by requiring that at least one upper-case character be used.

Determine if the field "ucredit" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "ucredit" /etc/security/pwquality.conf
ucredit=-1

If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding.

Vulnerability Number

V-219172

Documentable

False

Rule Version

UBTU-18-010100

Severity Override Guidance

Verify the Ubuntu operating system enforces password complexity by requiring that at least one upper-case character be used.

Determine if the field "ucredit" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "ucredit" /etc/security/pwquality.conf
ucredit=-1

If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding.

Check Content Reference

M

Target Key

4055

Comments