Most hardened appliances allow the modification of the root password during initial setup, or are pre-installed with the root password set to “vmware”. VMware highly recommends changing the root password for both complexity and cryptographic hashing to meet STIG compliance.

The vRealize Business Standard root password can be changed through the VAMI or at the command line.

The root user bypasses the pam_cracklib module password complexity check (found in /etc/pam.d/common-password). Manually verify that the root password meets the password complexity requirements of your organization.

All hardened appliances enable enforce_for_root for the pw_history module (found in /etc/pam.d/common-password). The last five passwords are remembered by default, preventing those passwords from being reused.

Choose a root password of sufficient length and complexity, using numbers, upper and lower case letters, and non-alphanumeric characters. Random password generators offer a simple way to create passwords based on desired complexity properties.