https://secscan.acron.pl/ 2026-04-17T02:55:23+00:00 https://secscan.acron.pl/ https://secscan.acron.pl/lib/tpl/bootstrap3/images/favicon.ico text/html 2017-05-04T19:30:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://secscan.acron.pl/centos7/5/3/1?rev=1493919014&do=diff 5.3.1 Ensure password creation requirements are configured (Scored) Profile Applicability Description The pam_pwquality.so module checks the strength of passwords. It performs checks such as making sure a password is not a dictionary word, it is a certain length, contains a mix of characters (e.g. alphabet, numeric, other) and more. The following are definitions of the text/html 2017-05-04T19:33:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://secscan.acron.pl/centos7/5/3/2?rev=1493919232&do=diff 5.3.2 Ensure lockout for failed password attempts is configured (Not Scored) Profile Applicability Description Lock out users after n unsuccessful consecutive login attempts. The first sets of changes are made to the PAM configuration files. The second set of changes are applied to the program specific PAM configuration file. The second set of changes must be applied to each program that will lock out users. Check the documentation for each secondary program for instructions on how to configu… text/html 2017-05-05T18:43:50+00:00 Anonymous (anonymous@undisclosed.example.com) https://secscan.acron.pl/centos7/5/3/3?rev=1494002630&do=diff 5.3.3 Ensure password reuse is limited (Scored) Profile Applicability Description The /etc/security/opasswd file stores the users' old passwords and can be checked to ensure that users are not recycling recent passwords. Rationale Forcing users not to reuse their past 5 passwords make it less likely that an attacker will be able to guess the password. text/html 2017-05-04T19:39:24+00:00 Anonymous (anonymous@undisclosed.example.com) https://secscan.acron.pl/centos7/5/3/4?rev=1493919564&do=diff 5.3.4 Ensure password hashing algorithm is SHA-512 (Scored) Profile Applicability Description The commands below change password encryption from md5 to sha512 (a much stronger hashing algorithm). All existing accounts will need to perform a password change to upgrade the stored hashes to the new algorithm.