Enabling Pluggable Authentication Module (PAM) password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks.
Check
Verify RHEL 10 uses "pwquality" to enforce the password complexity rules in the "system-auth" file with the following command:
If the command does not return a line containing the value "pam_pwquality.so", or the line is commented out, this is a finding.
If the system administrator can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the "system-auth" file, this is not a finding.
Fix
Configure RHEL 10 to use "pwquality" to enforce password complexity rules.
Add the following line to the "/etc/pam.d/system-auth" file (or modify the line to have the required value):