{"description": "Verify that the operating system uses \"pwquality\" to enforce the\npassword complexity rules.\n\nVerify the pwquality module is being enforced by operating system by\nrunning the following command:\n<pre>\n$ grep -i enforcing /etc/security/pwquality.conf\nenforcing = 1\n</pre>\n\nIf the value of \"enforcing\" is not \"1\" or the line is commented out,\nthis is a finding.", "rationale": "Use of a complex password helps to increase the time and resources\nrequired to compromise the password. Password complexity, or strength,\nis a measure of the effectiveness of a password in resisting attempts at\nguessing and brute-force attacks. Using enforcing=1 ensures \"pwquality\"\nenforces complex password construction configuration and has the ability\nto limit brute-force attacks on the system.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00225"], "cis": ["5.3.3.2.7"], "stigid": ["UBTU-22-611045"], "stigref": ["SV-260567r991587_rule"]}, "control_references": {"cis": ["5.3.3.2.7"], "stigid": ["UBTU-22-611045"]}, "components": [], "identifiers": {}, "ocil_clause": "enforcing is not uncommented or configured correctly", "ocil": "To verify that enforcing is correctly applied, run the following command:\n<pre>$ grep -i enforcing /etc/security/pwquality.conf</pre>\nThe output should return <tt>enforcing = 1</tt> uncommented.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[libpwquality]", "platforms": ["package[libpwquality]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_libpwquality"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure PAM Enforces Password Requirements - Enforcing", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml", "template": {"name": "lineinfile", "vars": {"text": "enforcing = 1", "path": "/etc/security/pwquality.conf"}, "oval_extend_definitions": ["accounts_password_pam_pwquality"], "backends": {}}}