Amazon Linux 2023 must ensure the password complexity module is enabled in the password-auth file.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-274161	SRG-OS-000069-GPOS-00037	AZLX-23-002489	SV-274161r1120471_rule	2025-07-15	1

Description
Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks.

ℹ️ Check
Verify Amazon Linux 2023 uses "pwquality" to enforce the password complexity rules in the password-auth file with the following command: $ grep pam_pwquality /etc/pam.d/password-auth password required pam_pwquality.so If the command does not return a line containing the value "pam_pwquality.so", or the line is commented out, this is a finding. If the system administrator can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the system-auth file, this is not a finding.

ℹ️ Check

Verify Amazon Linux 2023 uses "pwquality" to enforce the password complexity rules in the password-auth file with the following command: $ grep pam_pwquality /etc/pam.d/password-auth password required pam_pwquality.so If the command does not return a line containing the value "pam_pwquality.so", or the line is commented out, this is a finding. If the system administrator can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the system-auth file, this is not a finding.

✔️ Fix
Configure Amazon Linux 2023 to use "pwquality" to enforce password complexity rules. Add the following line to the "/etc/pam.d/password-auth" file (or modify the line to have the required value): password required pam_pwquality.so