← Back to Oracle Linux 8 Security Technical Implementation Guide

V-248711

CAT II (Medium)

OL 8 must prevent the use of dictionary words for passwords.

Rule ID

SV-248711r991587_rule

STIG

Oracle Linux 8 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000366

Discussion

If OL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Check Content

Verify OL 8 prevents the use of dictionary words for passwords. 
 
Determine if the field "dictcheck" is set in the "/etc/security/pwquality.conf" or "/etc/security/pwquality.conf.d/*.conf" files with the following command: 
 
$ sudo grep -r dictcheck /etc/security/pwquality.conf*
 
/etc/security/pwquality.conf:dictcheck=1 
 
If the "dictcheck" parameter is not set to "1" or is commented out, this is a finding.
If conflicting results are returned, this is a finding.

Fix Text

Configure OL 8 to prevent the use of dictionary words for passwords.

Add or update the following line in the "/etc/security/pwquality.conf" file or a configuration file in the "/etc/security/pwquality.conf.d/" directory:

dictcheck=1

Remove any configurations that conflict with the above value.