- On a RHEL 7.2 server installed latest
scap-security-guide, tailored the profile and run some scans. We see six failed scans with regard to
pam_pwqualitymodule. Checking older SCAP scans, I see that the file
/etc/security/pwquality.confwas never audited before, but instead
/etc/pam.d/system-auth. Our password settings are enforced because of the applied settings in
/etc/pam.d/system-auth. Do we have to apply the settings from
/etc/security/pwquality.conf, to have positive SCAP results?
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.