* [Fedora] OVAL check for sshd disable empty passwords
  ------------------------------------------------------
  Rewrite the rule checking if SSH logins from accounts with empty
  passwords are allowed. Permit the rule to succeed only if some of
  the following is met:
  * sshd service is disabled,
  * default sshd config is used (sshd defaults to
    'PermitEmptyPasswords no'),
  * in customized sshd config 'PermitEmptyPasswords no' (disabling
    the access) is not preceded by (uncommented occurrence) of
    'PermitEmptyPasswords yes' (enabling access)

  The comments were kept in the patch intentionally to:
  * describe regular expressions used,
  * mention sshd_config behaviour (so me / someone else doesn't need
    to waste time on the format in the future).

  After testing at RHEL-6 could be probably moved to /shared dir.

* [Fedora] Unselect no shelllogin for systemaccounts rule from being run by default
  -----------------------------------------------------------------------------------
  Since it has been found to cause / have some issues. See e.g.:
  https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-December/0...
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
scap-security-guide@lists.fedorahosted.org
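
The pass/fail logic described in the message above, as an added Python example that is not part of the original post or of the project's OVAL content. It goes one step beyond the message by also failing on a 'PermitEmptyPasswords yes' inside a Match block; the function names and sample configs are constructed for illustration, and a single config file is assumed.

```python
import re

# sshd_config(5): keywords are case-insensitive, keyword and argument are
# separated by whitespace and/or one '=', and lines starting with '#' are
# comments. For each keyword the first obtained value is the one sshd uses.
DIRECTIVE = re.compile(r'^\s*([A-Za-z]+)(?:\s*=\s*|\s+)"?([^\s"]+)')


def empty_passwords_setting(config_text):
    """Return 'no' only if no connection can get PermitEmptyPasswords yes."""
    global_value = None
    in_match = False
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if m is None:  # blank line, comment, or something we do not parse
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "match":
            in_match = True  # following lines override the global section
        elif key == "permitemptypasswords":
            if in_match:
                if value != "no":  # conservative: any Match override fails
                    return "yes"
            elif global_value is None:  # first uncommented occurrence wins
                global_value = value
    return global_value or "no"  # sshd default when the keyword is absent


def rule_passes(sshd_enabled, config_text):
    """Mirror the three conditions listed in the message."""
    if not sshd_enabled:
        return True
    return empty_passwords_setting(config_text) == "no"


# Constructed sample configurations (not taken from any real host).
DEFAULT_CFG = "#PermitEmptyPasswords no\nPasswordAuthentication yes\n"
NO_THEN_YES = "PermitEmptyPasswords no\nPermitEmptyPasswords yes\n"
YES_THEN_NO = "permitemptypasswords=YES\nPermitEmptyPasswords no\n"
MATCH_YES = "PermitEmptyPasswords no\nMatch User kiosk\n  PermitEmptyPasswords yes\n"

if __name__ == "__main__":
    for name in ("DEFAULT_CFG", "NO_THEN_YES", "YES_THEN_NO", "MATCH_YES"):
        print(name, "pass" if rule_passes(True, globals()[name]) else "fail")
```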