UBTU-20-010056 – The Ubuntu operating system must prevent the use of dictionary words for passwords.

Details

If the Ubuntu operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Solution

Configure the Ubuntu operating system to prevent the use of dictionary words for passwords.

Add or update the following line in the ‘/etc/security/pwquality.conf’ file to include the ‘dictcheck=1’ parameter:

dictcheck=1

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_20-04_LTS_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Rule-ID|SV-238227r653856_rule
STIG-ID|UBTU-20-010056
Vuln-ID|V-238227

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles