diff --git a/bin/hardening/9.2.2_pam_minlen_cracklib.sh b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
index d0411c5..381b5d8 100755
--- a/bin/hardening/9.2.2_pam_minlen_cracklib.sh
+++ b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 #
-# harbian audit 7/8/9 Hardening
+# harbian audit 7/8/9/10 or CentOS Hardening
 #
 
 #
@@ -19,13 +19,15 @@
 PAMLIBNAME='pam_cracklib.so'
 PATTERN='^password.*pam_cracklib.so'
 FILE='/etc/pam.d/common-password'
 
+# Redhat/CentOS default use pam_pwquality
+FILE_REDHAT='/etc/security/pwquality.conf'
+
 OPTIONNAME='minlen'
 # condition
-CONDT_VAL=14
+CONDT_VAL=15
 
-# This function will be called if the script status is on enabled / audit mode
-audit () {
+audit_debian () {
     is_pkg_installed $PACKAGE
     if [ $FNRET != 0 ]; then
         crit "$PACKAGE is not installed!"
@@ -49,8 +51,32 @@ audit () {
     fi
 }
 
-# This function will be called if the script status is on enabled mode
-apply () {
+audit_redhat () {
+    check_param_pair_by_value $FILE_REDHAT $OPTIONNAME ge $CONDT_VAL
+    if [ $FNRET = 0 ]; then
+        ok "$OPTIONNAME set condition is $CONDT_VAL"
+    elif [ $FNRET = 1 ]; then
+        crit "$OPTIONNAME set condition is not set $CONDT_VAL"
+    elif [ $FNRET = 2 ]; then
+        crit "$OPTIONNAME is not conf"
+    elif [ $FNRET = 3 ]; then
+        crit "Config file $FILE_REDHAT is not exist!"
+    fi
+}
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+    if [ $OS_RELEASE -eq 1 ]; then
+        audit_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        audit_redhat
+    else
+        crit "Current OS is not support!"
+        FNRET=44
+    fi
+}
+
+apply_debian () {
     if [ $FNRET = 0 ]; then
         ok "$PACKAGE is installed"
     elif [ $FNRET = 1 ]; then
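Review bot: `audit_redhat` takes minlen only from `$FILE_REDHAT`, but pam_pwquality module arguments on the `password` line of the PAM stack (typically /etc/pam.d/system-auth and password-auth on RHEL/CentOS) override pwquality.conf, so this audit can report ok while a lower minimum length is actually enforced. The same hunk's utils.sh change shows a `check_param_pair_by_pam` helper; checking the module arguments with it as well and reporting crit when either source is below `$CONDT_VAL` would close that gap. Separately, `if [ $OS_RELEASE -eq 1 ]; then` in `audit` becomes `[ -eq 1 ]` when `OS_RELEASE` is unset, which is a test syntax error rather than the intended fall-through to the `crit "Current OS is not support!"` branch; `if [ "${OS_RELEASE:-0}" -eq 1 ]; then` (and the matching `elif`) keeps the dispatcher on the else path.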
@@ -70,6 +96,21 @@ apply () {
     fi
 }
 
+apply_redhat () {
+    :
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+    if [ $OS_RELEASE -eq 1 ]; then
+        apply_debian
+    elif [ $OS_RELEASE -eq 2 ]; then
+        apply_redhat
+    else
+        crit "Current OS is not support!"
+    fi
+}
+
 # This function will check config parameters required
 check_config() {
     :
diff --git a/lib/utils.sh b/lib/utils.sh
index cbdb7a6..0365784 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -580,6 +580,42 @@ verify_integrity_all_packages()
     fi
 }
 
+# Check paramer with value
+# example : minlen = 9
+# ruturn: 0 1 2 3
+check_param_pair_by_value ()
+{
+    FILENAME=$1
+    OPTION=$2
+    COMPARE=$3
+    OP_VALUE=$4
+
+    #Example:
+    # FILENAME="/etc/security/pwquality.conf"
+    # OPTION="minlen"
+    # COMPARE="ge"
+    # OP_VALUE=15
+    if [ -f "$FILENAME" ];then
+        RESULT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' $FILENAME | grep "^$OPTION[[:space:]]=[[:space:]]")
+        if [ $(echo $RESULT | wc -l) -eq 1 ]; then
+            debug "$OPTION is conf"
+            if [ "$(echo $RESULT | awk -F'= ' '{print $2}')" "-$COMPARE" "$OP_VALUE" ]; then
+                debug "$OPTION conf is right."
+                FNRET=0
+            else
+                debug "$OPTION conf is not right."
+                FNRET=1
+            fi
+        else
+            debug "$OPTION is not conf of $FILENAME"
+            FNRET=2
+        fi
+    else
+        debug "$FILENAME is not exist"
+        FNRET=3
+    fi
+}
+
 check_param_pair_by_pam()
 {
     LOCATION=$1
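Review bot: `apply_redhat` is a bare `:`, so in apply mode on CentOS the script logs nothing and the operator gets no signal that minlen was left untouched; a finding that audits as crit then appears to have been remediated by the run. At minimum the stub should say so, e.g. `warn "$OPTIONNAME apply is not implemented for Redhat, set $OPTIONNAME = $CONDT_VAL in $FILE_REDHAT manually"`, until a real remediation of `$FILE_REDHAT` is written. The `else` branch of the new `apply` dispatcher also omits the `FNRET=44` that the `audit` dispatcher sets on an unsupported OS; the two should agree so callers reading `FNRET` see the same outcome.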
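Review bot: The match count in `check_param_pair_by_value` is always 1, so the `FNRET=2` ("not conf") branch is unreachable: `echo $RESULT` prints a single newline when `RESULT` is empty, and the unquoted expansion joins a multi-line `RESULT` onto one line, so `wc -l` returns 1 in both cases. An absent option then falls into the awk line, which yields an empty string, and `[ "" -ge 15 ]` is a test error that lands in `FNRET=1` with an "integer expression expected" message on stderr instead of the intended "not conf" result. The grep pattern `^$OPTION[[:space:]]=[[:space:]]` and `awk -F'= '` also require exactly one space on each side of `=`, so the common `minlen=15` or `minlen  = 15` spellings are treated as unconfigured. The rewrite below counts real matches, tolerates any whitespace around `=`, and guards the numeric comparison; `$FILENAME` passed to sed is quoted too.
```shell
    if [ -f "$FILENAME" ];then
        RESULT=$(sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' "$FILENAME" | grep "^$OPTION[[:space:]]*=[[:space:]]*")
        # printf (not echo) keeps newlines of a multi-line match and emits
        # nothing for an empty one, so grep -c counts actual matches: 0, 1 or more
        if [ "$(printf '%s' "$RESULT" | grep -c .)" -eq 1 ]; then
            debug "$OPTION is conf"
            VALUE=$(printf '%s\n' "$RESULT" | awk -F= '{gsub(/[[:space:]]/, "", $2); print $2}')
            # an empty or non-numeric value makes [ ... -ge ... ] fail; treat it as "not right"
            if [ -n "$VALUE" ] && [ "$VALUE" "-$COMPARE" "$OP_VALUE" ] 2>/dev/null; then
                # … unchanged: debug/FNRET=0 and FNRET=1 branches …
            # … unchanged: FNRET=2 and FNRET=3 branches …
```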