ansible-hardening/doc/metadata/rhel6/V-38576.rst

---id: V-38576 status: implemented tag: auth ---

The STIG requires SHA512 to be used for hashing password since it is in the list of FIPS 140-2 approved hashing algorithms. This is also the default in Ubuntu 14.04, Ubuntu 16.04, and CentOS 7.

The Ansible tasks will verify that the secure default is still set in /etc/login.defs. If it has been altered, the playbook will fail and display an error.

Further reading:

• FIPS 140-2 on Wikipedia
• FIPS 140-2 from NIST