mediumauditverified ✓rollback-safe
Audit modifications to /etc/security/opasswd
audit-file-opasswd · RHEL ≥ 8 · 1 impl
Description
Changes to /etc/security/opasswd must be audited. This file stores password history used to prevent password reuse.
Rationale
Auditing changes to opasswd allows detection of attempts to manipulate password history and bypass password reuse restrictions.
Check → Remediate
Checkaudit_rule_exists
- rule:
- -w /etc/security/opasswd -p wa -k identity
Remediateaudit_rule_set
- rule:
- -w /etc/security/opasswd -p wa -k identity
- persist_file:
- /etc/audit/rules.d/50-identity.rules
Framework references
STIG
V-258221 / RHEL-09-654235V-230405 / RHEL-08-030140
NIST 800-53
AU-2AU-12AC-6
Live verification
rhel8:checkrhel9:check
#audit#auditd#password#opasswd