
Nutanix AOS must prevent the use of dictionary words for passwords.


Overview

Finding ID: V-254192
Version: NUTX-OS-001050
Rule ID: SV-254192r846664_rule
IA Controls:
Severity: Medium
Description
If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
STIG: Nutanix AOS 5.20.x OS Security Technical Implementation Guide
Date: 2022-08-24

Details

Check Text (C-57677r846662_chk)
Confirm Nutanix AOS prevents the use of dictionary words for passwords.

Check the /etc/pam.d/password-auth file for pam_pwquality.so:

$ sudo grep pwquality.so /etc/pam.d/password-auth
password requisite pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3 authtok_type=

If the output does not contain a "pam_pwquality.so" line with a control value of "required" or "requisite", this is a finding.
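
The check above can be scripted so that a commented-out or weakened rule is reported as a finding, which a plain grep for the module name would not catch. This is an added example, not part of the STIG or of Nutanix AOS; the function name check_pwquality and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the STIG check against a PAM file.
# check_pwquality is a hypothetical helper name, not an AOS tool.

# Prints PASS or FINDING; returns 0 (compliant) or 1 (finding).
check_pwquality() {
    pam_file=$1
    [ -r "$pam_file" ] || { echo "FINDING: cannot read $pam_file"; return 1; }
    # A PAM rule has the fields: type, control, module path, arguments.
    # Commented lines are skipped so a disabled rule does not pass.
    if awk '
        /^[ \t]*#/ { next }
        {
            type = $1; sub(/^-/, "", type)   # "-password" is a valid type prefix
            n = split($3, parts, "/")        # accept a full module path too
            if (type == "password" && parts[n] == "pam_pwquality.so" &&
                ($2 == "required" || $2 == "requisite")) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$pam_file"; then
        echo "PASS: pam_pwquality.so enforced in $pam_file"
        return 0
    fi
    echo "FINDING: pam_pwquality.so not required/requisite in $pam_file"
    return 1
}

# Constructed samples: the line shown in the check text, and a file where
# the rule is commented out and replaced by an "optional" rule.
demo_dir=$(mktemp -d)
printf '%s\n' 'password requisite pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3 authtok_type=' > "$demo_dir/good"
printf '%s\n' '#password requisite pam_pwquality.so retry=3' \
    'password optional pam_pwquality.so retry=3' > "$demo_dir/bad"
check_pwquality "$demo_dir/good" || true
check_pwquality "$demo_dir/bad" || true
rm -rf "$demo_dir"
```

On a CVM the function would be pointed at /etc/pam.d/password-auth and run with enough privilege to read that file.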
Fix Text (F-57628r846663_fix)
Configure Nutanix AOS to enforce the use of pam_pwquality.so by running the following command.

$ sudo salt-call state.sls security/CVM/pamCVM