Profile Applicability:
• Level 1
Description:
Configuring a minimum password length enforces users to create passwords of sufficient complexity, improving resistance to brute-force and guessing attacks.
Rationale:
Longer passwords increase the key space, making passwords harder to crack and enhancing overall system security.
Impact:
Pros:
Strengthens password security by enforcing length requirements.
Helps meet compliance and security best practices.
Cons:
May cause usability issues if minimum length is set too high.
Default Value:
Defaults vary; some systems may not enforce a minimum password length.
Pre-requisites:
Root or sudo privileges to configure PAM modules such as pam_pwquality.
Remediation:
Test Plan:
Using Linux command line:
1. Check /etc/security/pwquality.conf for minlen parameter:
grep minlen /etc/security/pwquality.conf
2. Verify the minimum length value is configured.
Implementation Plan:
Using Linux command line:
- Edit /etc/security/pwquality.conf to set the minimum length, for example:
minlen = 12
Save the file.
Confirm PAM is configured to use pam_pwquality.
Backout Plan:
Using Linux command line:
Remove or adjust the minlen setting if needed.
Test password changes to confirm behavior.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
pwquality.conf Manual