STIGQter STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.

DISA Rule

SV-219173r610963_rule

Vulnerability Number

V-219173

Group Title

SRG-OS-000070-GPOS-00038

Rule Version

UBTU-18-010101

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Add or update the "/etc/security/pwquality.conf" file to contain the "lcredit" parameter:

lcredit=-1

Check Contents

Verify the Ubuntu operating system enforces password complexity by requiring that at least one lower-case character be used.

Determine if the field "lcredit" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "lcredit" /etc/security/pwquality.conf
lcredit=-1

If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding.

Vulnerability Number

V-219173

Documentable

False

Rule Version

UBTU-18-010101

Severity Override Guidance

Verify the Ubuntu operating system enforces password complexity by requiring that at least one lower-case character be used.

Determine if the field "lcredit" is set in the "/etc/security/pwquality.conf" file with the following command:

# grep -i "lcredit" /etc/security/pwquality.conf
lcredit=-1

If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding.

Check Content Reference

M

Target Key

4055

Comments