{"description": "To enable PAM password complexity in system-auth file:\nEdit the <tt>password</tt> section in\n<tt>/etc/pam.d/system-auth</tt> to show\n<tt>password    requisite                                    pam_pwquality.so</tt>.", "rationale": "Enabling PAM password complexity permits to enforce strong passwords and consequently\nmakes the system less prone to dictionary attacks.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "pam_pwquality.so is not enabled in system-auth", "ocil": "To check if pam_pwquality.so is enabled in system-auth, run the following command:\n<pre>$ grep pam_pwquality /etc/pam.d/system-auth</pre>\nThe output should be similar to the following:\n<pre>password requisite pam_pwquality.so</pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to use \"pwquality\" to enforce password complexity rules.\n\nAdd the following line to the \"/etc/pam.d/system-auth\" file(or modify the line to have the required value):\n\npassword requisite pam_pwquality.so", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must ensure the password complexity module is enabled in the system-auth file.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must ensure the password complexity module is enabled in the system-auth file.", "vuldiscussion": "Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks.", "checktext": "Verify Ubuntu 22.04 uses \"pwquality\" to enforce the password complexity rules in the system-auth file with the following command:\n\n$ grep pam_pwquality /etc/pam.d/system-auth\n\npassword required pam_pwquality.so\n\nIf the command does not return a line containing the value \"pam_pwquality.so\", or the line is commented out, this is a finding.\n\nIf the system administrator (SA) can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the system-auth file, this is not a finding.", "fixtext": "Configure Ubuntu 22.04 to use \"pwquality\" to enforce password complexity rules.\n\nAdd the following line to the \"/etc/pam.d/system-auth\" file(or modify the line to have the required value):\n\npassword required pam_pwquality.so"}}, "platform": "package[libpwquality]", "platforms": ["package[libpwquality]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_libpwquality"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure PAM password complexity module is enabled in system-auth", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml", "template": null}