Amazon Linux 2023 must ensure the password complexity module is enabled in the password-auth file.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-274161 | SRG-OS-000069-GPOS-00037 | AZLX-23-002489 | SV-274161r1120471_rule | 2026-05-22 | 1 |
Description
Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks.
ℹ️ Check
Verify Amazon Linux 2023 uses "pwquality" to enforce the password complexity rules in the password-auth file with the following command:
$ grep pam_pwquality /etc/pam.d/password-auth
password required pam_pwquality.so
If the command does not return a line containing the value "pam_pwquality.so", or the line is commented out, this is a finding.
If the system administrator can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the system-auth file, this is not a finding.
✔️ Fix
Configure Amazon Linux 2023 to use "pwquality" to enforce password complexity rules.
Add the following line to the "/etc/pam.d/password-auth" file (or modify the line to have the required value):
password required pam_pwquality.so