STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230368r627750_rule
V-230368
SRG-OS-000077-GPOS-00045
RHEL-08-020220
CAT II
10
Configure the operating system to prohibit password reuse for a minimum of five generations.
Add the following line in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" (or modify the line to have the required value):
password required pam_pwhistory.so use_authtok remember=5 retry=3
Verify the operating system prohibits password reuse for a minimum of five generations.
Check for the value of the "remember" argument in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following command:
$ sudo grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth
password required pam_pwhistory.so use_authtok remember=5 retry=3
If the line containing "pam_pwhistory.so" does not have the "remember" module argument set, is commented out, or the value of the "remember" module argument is set to less than "5", this is a finding.
V-230368
False
RHEL-08-020220
Verify the operating system prohibits password reuse for a minimum of five generations.
Check for the value of the "remember" argument in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following command:
$ sudo grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth
password required pam_pwhistory.so use_authtok remember=5 retry=3
If the line containing "pam_pwhistory.so" does not have the "remember" module argument set, is commented out, or the value of the "remember" module argument is set to less than "5", this is a finding.
M
2921