Profile Applicability:
• Level 1
Description:
The libpwquality library provides password quality checking and enforcement for Linux systems. Installing libpwquality enables enforcement of password complexity policies, improving authentication security.
Rationale:
Using libpwquality helps prevent weak passwords, reducing the risk of compromise due to simple or guessable passwords.
Impact:
Pros:
Enforces strong password policies.
Enhances overall system security.
Cons:
Requires proper configuration to be effective.
Default Value:
libpwquality may not be installed by default on minimal or custom Linux installations.
Pre-requisites:
Root or sudo privileges to install software packages.
Remediation:
Test Plan:
Using Linux command line:
Check if libpwquality is installed:
On RPM-based systems:
rpm -q libpwquality
Verify package installation status.
Implementation Plan:
Using Linux command line:
Install libpwquality if missing:
On RPM-based systems:
yum install libpwquality -y
- Confirm installation:
rpm -q libpwquality # or dpkg -l | grep libpwquality
Backout Plan:
Using Linux command line:
Remove libpwquality if necessary:
On RPM-based systems:
yum remove libpwquality -y
Confirm removal.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
libpwquality Documentation