From VMware vSphere ESXi 6.0 Security Technical Implementation Guide
Part of SRG-OS-000077-VMM-000440
Associated with: CCI-000200
If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.
To verify the remember setting, run the following command: # grep -i "^password" /etc/pam.d/passwd | grep sufficient If the remember setting is not set or is not "remember=5", this is a finding.
To set the remember option, add or correct the following line in "/etc/pam.d/passwd": password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512 remember=5
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer