
Each control is associated with one or more Azure Policy definitions. These policies might help you assess compliance with the control. However, there often isn't a one-to-one or complete match between a control and one or more policies. As such, Compliant in Azure Policy refers only to the policies themselves. This doesn't ensure that you're fully compliant with all requirements of a control. In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your overall compliance status. The associations between controls and Azure Policy Regulatory Compliance definitions for these compliance standards can change over time.

STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date:

RHEL 8 passwords must be prohibited from reuse for a minimum of five generations.

RHEL-08-020220

CCI-000200 - The information system prohibits password reuse for the organization-defined number of generations.

Check Contents

Verify the operating system prohibits password reuse for a minimum of five generations.

Check for the value of the "remember" argument in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following command:

    $ sudo grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth

    password required pam_pwhistory.so use_authtok remember=5 retry=3

If the line containing "pam_pwhistory.so" does not have the "remember" module argument set, is commented out, or the value of the "remember" module argument is set to less than "5", this is a finding.

Configure the operating system to prohibit password reuse for a minimum of five generations.

Add the following line in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" (or modify the line to have the required value):

    password required pam_pwhistory.so use_authtok remember=5 retry=3
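The finding condition above, written out as an added example (not part of the STIG or of the original page): a shell function that flags a PAM file when its "pam_pwhistory.so" line is missing, commented out, lacks "remember", or sets it below five. The names check_pwhistory and make_samples and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not STIG tooling): apply the "finding" rule for pam_pwhistory.so.
# Not handled: backslash line continuations and include/substack directives.

# check_pwhistory FILE [MIN]: return 0 if compliant, 1 if a finding; print the reason.
check_pwhistory() {
    awk -v min="${2:-5}" '
        { sub(/#.*/, "") }                      # drop comments, incl. commented-out lines
        tolower($1) ~ /^-?password$/ && /pam_pwhistory\.so/ {
            seen = 1; val = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) val = substr($i, 10)
            if (val == "")          { print FILENAME ": remember not set"; bad = 1 }
            else if (val + 0 < min) { print FILENAME ": remember=" val " is below " min; bad = 1 }
        }
        END {
            if (!seen) { print FILENAME ": no active pam_pwhistory.so line"; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Constructed sample files standing in for /etc/pam.d/system-auth variants.
make_samples() {
    dir=$(mktemp -d)
    printf 'password required pam_pwhistory.so use_authtok remember=5 retry=3\n' > "$dir/ok"
    printf 'password required pam_pwhistory.so use_authtok remember=3 retry=3\n' > "$dir/low"
    printf '#password required pam_pwhistory.so use_authtok remember=5\n'       > "$dir/commented"
    printf 'password required pam_pwhistory.so use_authtok retry=3\n'           > "$dir/unset"
    printf '%s\n' "$dir"
}

samples=$(make_samples)
for f in ok low commented unset; do
    if check_pwhistory "$samples/$f"; then echo "$f: compliant"; else echo "$f: finding"; fi
done
```

On a RHEL 8 host the function would be run once against "/etc/pam.d/system-auth" and once against "/etc/pam.d/password-auth".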
