From Oracle Linux 5 Security Technical Implementation Guide
Part of GEN000590
Associated with: CCI-000803
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise.
Verify the algorithm used for password hashing is of the SHA-2 family. # egrep "password .* pam_unix.so" /etc/pam.d/system-auth-ac # egrep "ENCRYPT_METHOD" /etc/login.defs # egrep "crypt_style" /etc/libuser.conf If any output indicates the hash algorithm is not set to sha256 or sha512, this is a finding.
Change the default password algorithm. # authconfig --passalgo=sha512 --update NOTE: Executing the above command will also update the required parameters in /etc/login.defs and /etc/libuser.conf
Lavender hyperlinks in small type off to the right (of CSS
id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header
Powered by sagemincer