diff --git a/bin/hardening/9.2.1_enable_cracklib.sh b/bin/hardening/9.2.1_enable_cracklib.sh
index edc3270..115c530 100755
--- a/bin/hardening/9.2.1_enable_cracklib.sh
+++ b/bin/hardening/9.2.1_enable_cracklib.sh
@@ -14,9 +14,33 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=2
 PACKAGE='libpam-cracklib'
+PAMLIBNAME='libpam-cracklib.so'
 PATTERN='^password.*pam_cracklib.so'
 FILE='/etc/pam.d/common-password'
+OPTION_RETRY='retry'
+OPTION_MINLEN='minlen'
+OPTION_DCREDIT='dcredit'
+OPTION_UCREDIT='ucredit'
+OPTION_OCREDIT='ocredit'
+OPTION_LCREDIT='lcredit'
+OPTION_DIFOK='difok'
+OPTION_MINCLASS='minclass'
+OPTION_MAXREPEAT='maxrepeat'
+OPTION_MAXCLASSREPEAT='maxclassrepeat'
+
+# condition
+RETRY_CONDT=3
+MINLEN_CONDT=14
+DCREDIT_CONDT=-1
+UCREDIT_CONDT=-1
+OCUEDIT_CONDT=-1
+LCREDIT_CONDT=-1
+DIFOK_CONDT=8
+MINCLASS_CONDT=4
+MAXREPEAT=3
+MAXCLASSREPEAT_CONDT=4
+
 # This function will be called if the script status is on enabled / audit mode
 audit () {
 is_pkg_installed $PACKAGE
@@ -27,6 +51,20 @@ audit () {
 does_pattern_exist_in_file $FILE $PATTERN
 if [ $FNRET = 0 ]; then
 ok "$PATTERN is present in $FILE"
+ check_password_by_pam $OPTION_DCREDIT gt $DCREDIT_CONDT
+ if [ $FNRET = 0 ]; then
+ ok "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
+ else
+ cirt "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"
+ FNRET=1
+ fi
+ #ok "$PATTERN is present in $FILE"
+ #check_password_by_pam $OPTION_RETRY gt $RETRY_CONDT
+ #if [ $FNRET = 0 ]; then
+ # ok "$OPTION_RETRY set condition is $RETRY_CONDT"
+ #else
+ # crit "$OPTION_RETRY set condition is $RETRY_CONDT"
+ FNRET=1
 else
 crit "$PATTERN is not present in $FILE"
 fi
diff --git a/lib/utils.sh b/lib/utils.sh
index 9754923..497da68 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
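Review bot: `OCUEDIT_CONDT=-1` and `MAXREPEAT=3` break the `<NAME>_CONDT` naming scheme that the other eight thresholds follow, and any later check that references `$OCREDIT_CONDT` or `$MAXREPEAT_CONDT` will abort with an unbound-variable error under the `set -u` shown in the hunk header. Rename them `OCREDIT_CONDT=-1` and `MAXREPEAT_CONDT=3`. `PAMLIBNAME='libpam-cracklib.so'` is introduced but nothing visible in this commit reads it; if it is meant for the apply path, a short comment saying so would stop it being removed as dead, and if not it should go. A one-line comment above the `# condition` block naming the policy these values implement (e.g. `# thresholds audited against /etc/pam.d/common-password; negative credits are minimum counts`) would make the numbers reviewable.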
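Review bot: `cirt "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"` on the failure branch of the new dcredit check is not a function defined anywhere visible (the sibling branch uses `crit`), so a non-compliant dcredit produces a "command not found" instead of the intended finding; it should read `crit "$OPTION_DCREDIT set condition is $DCREDIT_CONDT"`. The `FNRET=1` left behind after the commented-out retry block runs unconditionally, so the audit ends in a failed state even when the dcredit check passed; either delete it or comment it out with the rest of that block. Only `$OPTION_DCREDIT` is checked although ten option/threshold pairs are introduced in the earlier hunk, so presumably the remaining checks are meant to follow the same `if [ $FNRET = 0 ]` shape. Whether `gt` against `-1` expresses the intended minimum depends on check_password_by_pam's comparison semantics, which are outside this hunk; with pam_cracklib a negative dcredit is a required minimum count of digits, so a configured `dcredit=0` passing a greater-than test would be a weaker policy than the threshold suggests. The `audit` function continues outside the hunk.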
@@ -441,18 +441,17 @@ verify_integrity_all_packages()
 fi
 }
-check_password_pam()
+check_password_by_pam()
 {
- LOCATION=$1
- KEYWORD=$2
- OPTION=$3
- COMPARE=$4
- CONDITION=$5
+ OPTION=$1
+ COMPARE=$2
+ CONDITION=$3
+
+ LOCATION="/etc/pam.d/common-password"
+ #For debian is common-password ,for Gentoo and Red hat the file is system-auth
+ KEYWORD="pam_cracklib.so"
 #Example:
- #LOCATION="/etc/pam.d/common-password"
- #For debian is common-password ,for Gentoo and Red hat the file is system-auth
- #KEYWORD="pam_cracklib.so"
 #OPTION="ocredit"
 #COMPARE="gt"
 #CONDITION="-1"