This addresses multiple issues with OVAL checks and
XCCDF content not supporting Values to adjust their
requirements for settings in /etc/login.defs.
Some remaining issues exist, such as the prose not being
quite good yet, and I believe we will also break apart the
OVAL check for minimum length to separately cover the
settings in login.defs and pam_cracklib. But not today.
Jeffrey Blank (3):
updated OVAL checks which inspect login.defs to support Values
(variables)
updated refine-value names for password items, removed
defunct/commented profile items
updated guidance to permit adjustment of password warning period,
min/max age, length * also added to test profile, for your
testing pleasure
.../checks/accounts_maximum_age_login_defs.xml | 26 ++++++---
.../checks/accounts_minimum_age_login_defs.xml | 31 +++++++----
.../checks/accounts_password_minlen_login_defs.xml | 17 +++----
.../accounts_password_warn_age_login_defs.xml | 32 +++++++-----
rhel6/src/input/profiles/common.xml | 29 ++---------
rhel6/src/input/profiles/test.xml | 17 ++++++
.../accounts/restrictions/password_expiration.xml | 56 +++++++++++++-------
7 files changed, 121 insertions(+), 87 deletions(-)