>From b225c50d538f0d409fcfde6ff3aac4fe5a676af7 Mon Sep 17 00:00:00 2001 From: Shawn Wells Date: Tue, 24 Dec 2013 03:16:35 -0500 Subject: [PATCH 06/31] Renamed XCCDF password_require_diffchars to accounts_password_pam_cracklib_difok.xml, added to shared/ - Renamed XCCDF rule to reflect granular configuration setting vs broader requirement - Moved OVAL to shared/ - Tested on RHEL7, updated CPE info --- RHEL/6/input/auxiliary/stig_overlay.xml | 2 +- .../accounts_password_pam_cracklib_difok.xml | 39 +--------------------- RHEL/6/input/profiles/CS2.xml | 2 +- RHEL/6/input/profiles/common.xml | 2 +- .../6/input/profiles/fisma-medium-rhel6-server.xml | 4 +-- RHEL/6/input/profiles/rht-ccp.xml | 2 +- RHEL/6/input/profiles/usgcb-rhel6-server.xml | 2 +- RHEL/6/input/system/accounts/pam.xml | 2 +- RHEL/7/input/auxiliary/stig_overlay.xml | 2 +- .../accounts_password_pam_cracklib_difok.xml | 1 + RHEL/7/input/profiles/rht-ccp.xml | 2 +- RHEL/7/input/system/accounts/pam.xml | 2 +- .../oval/accounts_password_pam_cracklib_difok.xml | 38 +++++++++++++++++++++ 13 files changed, 51 insertions(+), 49 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml create mode 120000 RHEL/7/input/checks/accounts_password_pam_cracklib_difok.xml create mode 100644 shared/oval/accounts_password_pam_cracklib_difok.xml diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml index d89720c..0e77ee6 100644 --- a/RHEL/6/input/auxiliary/stig_overlay.xml +++ b/RHEL/6/input/auxiliary/stig_overlay.xml @@ -184,7 +184,7 @@ The system must require passwords to contain at least one lowercase alphabetic character. - + The system must require at least four characters be changed between the old and new passwords during a password change. diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml deleted file mode 100644 index 80fd21e..0000000 
--- a/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - Set Password difok Requirements - - Red Hat Enterprise Linux 6 - - The password difok should meet minimum - requirements using pam_cracklib - - - - - - - - - - - - - - - - /etc/pam.d - system-auth - ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]difok=(-?\d+)(?:[\s]|$) - 1 - - - - 1 - - - - diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml new file mode 120000 index 0000000..ca78167 --- /dev/null +++ b/RHEL/6/input/checks/accounts_password_pam_cracklib_difok.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_pam_cracklib_difok.xml \ No newline at end of file diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml index fc348ae..8bb284c 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -12,7 +12,7 @@ + - - @@ -297,6 +297,6 @@ - diff --git a/RHEL/6/input/profiles/rht-ccp.xml b/RHEL/6/input/profiles/rht-ccp.xml index d5f983a..9040055 100644 --- a/RHEL/6/input/profiles/rht-ccp.xml +++ b/RHEL/6/input/profiles/rht-ccp.xml @@ -58,7 +58,7 @@ + diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index 704aa62..4693fae 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -81,7 +81,7 @@ + -
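Review bot: The pattern visible in the deleted RHEL/6 check reads only `/etc/pam.d/system-auth` and never names the PAM module, so any `required`/`requisite` password line carrying `difok=` satisfies it. The body of `shared/oval/accounts_password_pam_cracklib_difok.xml` is outside this view, so this applies only if the shared copy behind the new symlink carries the pattern over unchanged. Now that the same check also serves RHEL 7, it is worth confirming that it still measures the effective setting there; if that release configures password quality through a different module or a separate configuration file, the result could be misleading in either direction. I would pin the module in the pattern, for example replacing `[\w_\.\-=\s]+[\s]difok=` with `pam_cracklib\.so[\s]+(?:[^\s#]+[\s]+)*difok=`. I would also add a short XML comment at the top of the shared definition stating which file and module it inspects and which platforms it was validated on.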