/etc/openvas/pwpolicy.conf is in openvas-manager 7.0.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 | # pwpolicy.conf -*- coding: utf-8 -*-
#
# This is an example for a pattern file used to validate passwords.
# Passwords matching an entry in this file are considered weak and
# will be rejected.
#
# The file is line based with comment lines beginning on the *first*
# position with a '#' and followed by at least one white space. Empty
# lines and lines with only white space are ignored. The other lines
# may either be verbatim patterns and match as they are (trailing
# spaces are ignored) or Perl compatible regular expressions (pcre)
# indicated by a '/' in the first column and terminated by another '/'
# or end of line. To reverse the meaning of a regular expression
# prefix it with an exclamation mark like this:
#
# !/^.{6,}$/
#
# This will reject a passphrase with less than 6 characters. All
# comparisons are case insensitive; utf-8 encoding must be used. A
# few processing instructions are supported:
#
# #+desc[:] A string describing the next pattern
#
# This is used to return meaningful error messages. To end a group of
# pattern with the same description either a new "#+desc:" line may be
# used or the instruction:
#
# #+nodesc
#
# To include a list of simple pattern use:
#
# #+search[:] FILENAME
#
# Note that this is a simple linear search and stops at the first
# match. Comments are not allowed in that file. A line in the
# dictionary may not be longer than 255 characters.
#
# To perform checks on the username/password combination, you should
# use:
#
# #+username
#
# Currently this checks whether the password matches or is included in
# the password. It may eventually be extended to further tests.
############################
# This is a example file where all lines are explicitely prefixed with
# a additional "#" to comment out anything.
# On your own decision you may activiate policies and modify them.
# Be aware: By default any password is allowed.
############################
## Let's start with a simple test
##+desc: Too short (at least 8 characters are required)
#!/^.{8,}$/
#
## Check that the user name does not match the password.
## (The desc string is not used here.)
##+username
#
##+desc: Only digits
#/^[[:digit:]]+$/
#
##+desc: Not a mix of letters digits and control characters
#!/[[:alpha:]]+/
#!/[[:digit:]]+/
#!/[[:punct:]]+/
#
##+desc: No mixed case
#!/(?-i)([[:lower:]]+.*[[:upper:]]+)|([[:upper:]]+.*[[:lower:]]+)/
#
##+desc: Date string
## A limited check for ISO date strings
#/^[012][0-9]{3}-?[012][0-9]-?[0123][0-9]$/
#
## Reject the usual metavariables.
##+desc: Meta variable
#foo
#bar
#baz
#
##+desc: Common test password
#password
#passwort
#passphrase
#mantra
#test
#abc
#egal
#
## Arbitrary strings
##+nodesc
#12345678
#87654321
#qwerty
#qwertyuiop
#asdfghjkl
#zxcvbnm
#qwertzuiop
#yxcvbnm
#no-password
#no password
#
##+desc: Test string used by RTTY hams
#the quick brown fox jumps over the lazy dogs back
#
##+desc: German number plate
#/^[A-Z]{1,3}\s*-\s*[A-Z]{1,2}\s*[0-9]+$/
#
##+desc: Dictionary word
##+search: /usr/share/dict/words
## Note that searching a large dictionary may take some time, it might
## be better to use an offline password auditing tool instead.
# end of policy file
|