What CIDs should I use to verify password complexity on SUSE and RedHat Servers?
I checked my testing system and saw I still had the UDC's I used to create the article. Attached are the XML exported UDC's.
In the last release, 7.2, that came out a few weeks ago, we added UDC import/export so you should be able to import these right into your subscription.
I marked the UDC's according to the CID number they were in the article.
To import, in QualysGuard, navigate to PC=>Policies=>Controls, then click the new button and then select Import from XML File.
Note that you may need to tweak the PERL regex some if you have more restrictive evaluation requirements, but these are the UDC's I used for the article and may serve as a stop gap until the official Qualys controls are released.
Have a great day!
There are some checks already in QA to do these password complexity settings for SUSE and RedHat that should be populated into production over the next few months. They will be based on both pam_cracklib and pam_passwdqc.
If you need a check now, I have seen customers use our custom control (aka User Defined Controls or UDC's) to fill compliance gaps until the Qualys provided controls are through regression testing.
I actually wrote a procedure on how another customer could create similar checks for RedHat for testing password complexity and documented the procedure in the attached document.
While these controls will soon be available in production, you can use the attached process to build a custom control to do this check today.
NOTE: After you create a UDC, you do have to rescan since you are technically adding something to the PC scan.
Thanks a lot Jason!
I will test these controls right away.
Also, please confirm if this information adequately answered your question and compliance need.
Using this control, I cannot tell if my host passes or fails to enforce the password policies. I can only see what are the parameters set in the "pam" file. That helped me a lot but it is still not as good as it may be.
Thank you anyway!