mediumaccess-controlverified ✓rollback-safe
Set minimum password length in login.defs
login-defs-pass-min-len · RHEL ≥ 8 · 1 impl
Description
/etc/login.defs must enforce a minimum password length (PASS_MIN_LEN) of 15 characters for new user accounts.
Rationale
A longer minimum password length increases the work factor required to guess or brute-force account credentials.
Check → Remediate
Checkconfig_value
- delimiter:
- path:
- /etc/login.defs
- key:
- PASS_MIN_LEN
- expected:
- 15
- comparator:
- >=
Remediateconfig_set
- path:
- /etc/login.defs
- key:
- PASS_MIN_LEN
- value:
- 15
- separator:
Framework references
STIG
V-230370 / RHEL-08-020231
NIST 800-53
IA-5(1)
Live verification
rhel8:check
#password#login-defs#authentication