← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-11975

CAT II (Medium)

The system must require passwords contain no more than three consecutive repeating characters.

Rule ID

SV-44877r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000366

Discussion

To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks.

Check Content

Check the system password maxrepeat setting.

Procedure:
Check the password maxrepeat option
# grep pam_cracklib.so /etc/pam.d/common-password

Confirm the maxrepeat option is set to 3 or less as in the example below:

password required pam_cracklib.so maxrepeat=3

There may be other options on the line. If no such line is found, or the maxrepeat option is more than 3 this is a finding.  A setting of zero disables this option.

NOTE:  This option was not available in SLES 11 until service pack 2(SP2).

Fix Text

Edit /etc/pam.d/common-password and set the maxrepeat option to a value of 3 or less on the pam_cracklib line.