Control Compliance Suite

 View Only

  • 1.  Password Checking on Redhat Enterprise Servers

    Posted Jun 22, 2010 02:32 AM
    I have been checking and have been unable to find a way to check password policy settings of redhat entreprise server so that users password have to include Numbers, Capital letters and characters. Is it possible for CCS to do this check?


  • 2.  RE: Password Checking on Redhat Enterprise Servers

    Posted Jul 14, 2010 04:40 AM
    Hi,


    BvC-Unix do not report specifically on the password policy / usage of combinations of letters, special charactors or numbers etc. for passwords.

    On your requirement lines, BvC-Unix reports on the weak passwords. To identify the weak password, a Password Strength utility has been developed. The Password Strength utility checks the following:

    1)If the password in /etc/passwd is blank.
    2)If the password in shadow file is blank.
    3)If the password matches with the words in the dictionary provided with the product. (present in $INSTALL_DIR/utils/ folder of agent)
    4)If the password is the same as Username. You can include Is Weak Password field in the Users data source to check if the password is a dictionary word or the same as user name.

    Regards,
    Mrunal



  • 3.  RE: Password Checking on Redhat Enterprise Servers

    Posted Aug 04, 2010 02:28 AM
    Thanks for the feed back.

    Regards

    Mike