>From 7bf11ec3ecc556b25899efd35ddbec3d24f1d20f Mon Sep 17 00:00:00 2001 From: Shawn Wells Date: Tue, 24 Dec 2013 03:05:25 -0500 Subject: [PATCH 04/31] Renamed password_require_lowercases to accounts_password_pam_cracklib_lcredit, added to shared/ - Updated XCCDF name to reflect granular configuration setting vs broad requirement - Tested on RHEL7, moved to shared/, updated symlinks --- RHEL/6/input/auxiliary/stig_overlay.xml | 2 +- .../accounts_password_pam_cracklib_lcredit.xml | 44 +--------------------- RHEL/6/input/profiles/CS2.xml | 2 +- RHEL/6/input/profiles/common.xml | 2 +- .../6/input/profiles/fisma-medium-rhel6-server.xml | 2 +- RHEL/6/input/profiles/rht-ccp.xml | 2 +- RHEL/6/input/profiles/usgcb-rhel6-server.xml | 2 +- RHEL/6/input/system/accounts/pam.xml | 2 +- .../accounts_password_pam_cracklib_lcredit.xml | 1 + RHEL/7/input/profiles/.gitignore | 1 + RHEL/7/input/profiles/rht-ccp.xml | 8 ++-- .../accounts_password_pam_cracklib_lcredit.xml | 44 ++++++++++++++++++++++ 12 files changed, 57 insertions(+), 55 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml create mode 120000 RHEL/7/input/checks/accounts_password_pam_cracklib_lcredit.xml create mode 100644 RHEL/7/input/profiles/.gitignore create mode 100644 shared/oval/accounts_password_pam_cracklib_lcredit.xml diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml b/RHEL/6/input/auxiliary/stig_overlay.xml index b2416cc..d89720c 100644 --- a/RHEL/6/input/auxiliary/stig_overlay.xml +++ b/RHEL/6/input/auxiliary/stig_overlay.xml @@ -180,7 +180,7 @@ The system must require passwords to contain at least one special character. - + The system must require passwords to contain at least one lowercase alphabetic character. diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml deleted file mode 100644 index 47306ec..0000000 
--- a/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - Set Password lcredit Requirements - - Red Hat Enterprise Linux 6 - - The password lcredit should meet minimum - requirements using pam_cracklib - - - - - - - - - - - - - - 1 - - - - - - - /etc/pam.d/system-auth - ^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]lcredit=(-?\d+)(?:[\s]|$) - 1 - - diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml new file mode 120000 index 0000000..7e6ba85 --- /dev/null +++ b/RHEL/6/input/checks/accounts_password_pam_cracklib_lcredit.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_pam_cracklib_lcredit.xml \ No newline at end of file diff --git a/RHEL/6/input/profiles/CS2.xml b/RHEL/6/input/profiles/CS2.xml index b615f09..fc348ae 100644 --- a/RHEL/6/input/profiles/CS2.xml +++ b/RHEL/6/input/profiles/CS2.xml @@ -11,7 +11,7 @@ + - - diff --git a/RHEL/6/input/profiles/rht-ccp.xml b/RHEL/6/input/profiles/rht-ccp.xml index ef14e6d..d5f983a 100644 --- a/RHEL/6/input/profiles/rht-ccp.xml +++ b/RHEL/6/input/profiles/rht-ccp.xml @@ -57,7 +57,7 @@ + diff --git a/RHEL/6/input/profiles/usgcb-rhel6-server.xml b/RHEL/6/input/profiles/usgcb-rhel6-server.xml index e323b38..704aa62 100644 --- a/RHEL/6/input/profiles/usgcb-rhel6-server.xml +++ b/RHEL/6/input/profiles/usgcb-rhel6-server.xml @@ -77,7 +77,7 @@ + diff --git a/RHEL/6/input/system/accounts/pam.xml b/RHEL/6/input/system/accounts/pam.xml index aeecc28..fb3a72e 100644 --- a/RHEL/6/input/system/accounts/pam.xml +++ b/RHEL/6/input/system/accounts/pam.xml @@ -342,7 +342,7 @@ more difficult by ensuring a larger search space. - + Set Password Strength Minimum Lowercase Characters The pam_cracklib module's lcredit= parameter controls requirements for usage of lowercase letters in a password. When set to a negative number, any password will be required to 
diff --git a/RHEL/7/input/checks/accounts_password_pam_cracklib_lcredit.xml b/RHEL/7/input/checks/accounts_password_pam_cracklib_lcredit.xml
new file mode 120000
index 0000000..7e6ba85
--- /dev/null
+++ b/RHEL/7/input/checks/accounts_password_pam_cracklib_lcredit.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_password_pam_cracklib_lcredit.xml
\ No newline at end of file
diff --git a/RHEL/7/input/profiles/.gitignore b/RHEL/7/input/profiles/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/RHEL/7/input/profiles/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/RHEL/7/input/profiles/rht-ccp.xml b/RHEL/7/input/profiles/rht-ccp.xml
index 3424223..fc36e04 100644
--- a/RHEL/7/input/profiles/rht-ccp.xml
+++ b/RHEL/7/input/profiles/rht-ccp.xml
@@ -53,12 +53,10 @@
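Review bot: The new symlink `RHEL/7/input/checks/accounts_password_pam_cracklib_lcredit.xml` points RHEL 7 at the shared pam_cracklib check, but RHEL 7 uses pam_pwquality by default and `lcredit` is commonly set in `/etc/security/pwquality.conf` rather than on the PAM line. Judging by the RHEL 6 copy removed earlier in this patch, the check only matches `lcredit=` on a `password required|requisite` line in `/etc/pam.d/system-auth`, and its platform text names Red Hat Enterprise Linux 6. The shared file's content is not visible here, so this is an inference. If it was moved unchanged, a RHEL 7 host hardened through pwquality.conf would be reported as failing the rule. I would add a second test for `/etc/security/pwquality.conf` to the shared check, or at least a comment such as `<!-- RHEL 7: lcredit may be set in /etc/security/pwquality.conf; this test only inspects /etc/pam.d/system-auth -->`, and widen the platform text before enabling the rule in the RHEL 7 profile.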