base repository: ComplianceAsCode/content
base: 516a827dbbed636976867a52d952fdbf587a21ea
..
head repository: ComplianceAsCode/content
compare: c1c4a4e476e05dc27c74f21657c66f712b448b6d
Showing with 9 additions and 14 deletions.
  1. +9 −14 ...-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_enabled/rule.yml
@@ -1,25 +1,20 @@
documentation_complete: true


title: 'Ensure pam_pwquality module is enabled'
title: 'Verify pam_pwquality module is activated'

description: |-
The <tt>pam_pwquality.so</tt> module performs password quality checking. This module can
be plugged into the password stack of a given service to provide strength-checking for
passwords. The code was originally based on pam_cracklib module and the module is
backwards compatible with its options.
The <tt>pam_pwquality.so</tt> module ensures password quality by evaluating user-created passwords
against a system dictionary and a set of rules designed to detect weak choices. Originally derived
from the pam_cracklib module, this module is backward-compatible with options of pam_cracklib.
<br /><br />
The action of this module is to prompt the user for a password and check its strength
against a system dictionary and a set of rules for identifying poor choices.
<br /><br />
The first action is to prompt for a single password, check its strength and then, if it is
considered strong, prompt for the password a second time (to verify that it was typed
correctly on the first occasion). All being well, the password is passed on to subsequent
modules to be installed as the new authentication token.
The module's process includes prompting the user for a password, checking its strength, and if it
meets the criteria requesting the password again for confirmation. If both entries match, the
password is passed to subsequent modules to be set as the new authentication token.
rationale: |-
Use of a unique, complex passwords helps to increase the time and resources required
to compromise the password.
Strong passwords significantly increase the time and effort required for unauthorized access,
increasing overall system security.
severity: medium
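Review bot: The new rationale repeats itself ("significantly increase the time and effort required for unauthorized access, increasing overall system security") and drops the old wording's direct link to compromising the password; a single clause such as "Strong passwords increase the time and resources required to compromise them" would keep the point without the vague "overall system security" tail. In the new description, "if it meets the criteria requesting the password again for confirmation" needs a comma after "criteria". The new title says the rule verifies the module "is activated", but the description as shown still explains only what pam_pwquality.so does, so consider adding a sentence that states what condition counts as activated.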