STIG ID: SLES-15-020240 | SRG: SRG-OS-000077-GPOS-00045 | Severity: medium | CCI: | Vulnerability Id: V-234893
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.
Configure the SUSE operating system to create the password history file with the following commands:
> sudo touch /etc/security/opasswd
> sudo chown root:root /etc/security/opasswd
> sudo chmod 0600 /etc/security/opasswd
Verify the password history file exists on the SUSE operating system.
Check that the password history file exists with the following command:
> ls -al /etc/security/opasswd
-rw------- 1 root root 7 Dec 13 17:21 /etc/security/opasswd
If "/etc/security/opasswd" does not exist, this is a finding.