← Rules Catalog
mediumaccess-controlverified rollback-safe

Set minimum password length in login.defs

login-defs-pass-min-len · RHEL ≥ 8 · 1 impl

Description

/etc/login.defs must enforce a minimum password length (PASS_MIN_LEN) of 15 characters for new user accounts.

Rationale

A longer minimum password length increases the work factor required to guess or brute-force account credentials.

Check → Remediate

Checkconfig_value
delimiter:
path:
/etc/login.defs
key:
PASS_MIN_LEN
expected:
15
comparator:
>=
Remediateconfig_set
path:
/etc/login.defs
key:
PASS_MIN_LEN
value:
15
separator:

Framework references

STIG

V-230370 / RHEL-08-020231

NIST 800-53

IA-5(1)

Live verification

rhel8:check
#password#login-defs#authentication