RHEL-07-010118 – The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

Details

Pluggable authentication modules (PAM) allow for a modular approach to integrating authentication methods. PAM processes each stack top-down, so if the modules are not listed in the correct order, or stack entries are not centralized, an important security function could be bypassed.

Solution

Configure PAM to utilize /etc/pam.d/system-auth when changing passwords.

Add the following line to ‘/etc/pam.d/passwd’ (or modify the line to have the required value):

password substack system-auth
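
An added example, not part of the STIG text: a POSIX shell helper that audits a PAM service file for the required entry and remediates it if missing. The function names, the constructed sample file, and the choice to place a newly added entry ahead of other password entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit/remediate helper for RHEL-07-010118 (names are hypothetical).
WANT='password   substack     system-auth'

# 0 if FILE has an active (uncommented) "password substack system-auth" entry.
pam_passwd_compliant() {
    awk '$1 == "password" && $2 == "substack" && $3 == "system-auth" { ok = 1 }
         END { exit !ok }' "$1"
}

# Make FILE compliant. An active password entry that already references
# system-auth (e.g. "include") is rewritten; otherwise the entry is inserted
# ahead of the first password entry, since PAM evaluates the stack top-down
# (placement is this example's choice). With no password entries it is appended.
pam_passwd_remediate() {
    pam_passwd_compliant "$1" && return 0
    mode=insert
    awk '$1 == "password" && $3 == "system-auth" { f = 1 } END { exit !f }' "$1" &&
        mode=rewrite
    tmp=$(mktemp) || return 1
    awk -v mode="$mode" -v want="$WANT" '
        !done && mode == "rewrite" && $1 == "password" && $3 == "system-auth" {
            print want; done = 1; next }
        !done && mode == "insert" && ($1 == "password" || $1 == "-password") {
            print want; done = 1 }
        { print }
        END { if (!done) print want }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # overwrite in place: keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: the required entry is commented out and the active
# password entry uses "include" instead of "substack".
write_sample() {
    printf '%s\n' '#%PAM-1.0' \
        'auth       include      system-auth' \
        'account    include      system-auth' \
        '#password  substack     system-auth' \
        'password   include      system-auth' \
        'password   substack     postlogin' > "$1"
}

demo=$(mktemp) && write_sample "$demo"
pam_passwd_compliant "$demo" || echo "before: not compliant"
pam_passwd_remediate "$demo" && pam_passwd_compliant "$demo" && echo "after: compliant"
rm -f "$demo"
```

Run the remediation against a copy of /etc/pam.d/passwd first, and keep a root session open while changing PAM files on a live system.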

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Unix.

Updated on July 16, 2022