Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New rules related to pam_pwquality #8185

Merged
merged 3 commits into from
Feb 10, 2022
Merged

New rules related to pam_pwquality #8185

merged 3 commits into from
Feb 10, 2022

Conversation

marcusburghardt
Copy link
Member

Introduce two new rules for the following STIG IDs:

  • RHEL-08-020100
  • RHEL-08-020101

Also updates the rule related to the STIG ID RHEL-08-020104:

  • accounts_password_pam_retry

@marcusburghardt marcusburghardt added DISA RHEL8 STIG Alignment New Rule Issues or pull requests related to new Rules. Update Rule Issues or pull requests related to Rules updates. labels Feb 9, 2022
@github-actions
Copy link

github-actions bot commented Feb 9, 2022

Start a new ephemeral environment with changes proposed in this pull request:

Open in Gitpod

@marcusburghardt marcusburghardt changed the title Pwquality New rules related to pam_pwquality Feb 9, 2022
@github-actions
Copy link

github-actions bot commented Feb 9, 2022

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
OCIL for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_retry' differs:
--- old datastream
+++ new datastream
@@ -1,6 +1,6 @@
 To check how many retry attempts are permitted on a per-session basis, run the following command:
 
-$ grep pam_pwquality /etc/pam.d/system-auth /etc/pam.d/password-auth
+$ grep retry /etc/security/pwquality.conf
 
 The retry parameter will indicate how many attempts are permitted.
 The DoD required value is less than or equal to 3.

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_retry' differs:
--- old datastream
+++ new datastream
@@ -4,7 +4,7 @@
 tags:
 - CCE-80664-6
 - CJIS-5.5.3
- - DISA-STIG-RHEL-08-020100
+ - DISA-STIG-RHEL-08-020104
 - NIST-800-53-AC-7(a)
 - NIST-800-53-CM-6(a)
 - NIST-800-53-IA-5(4)
@@ -30,7 +30,7 @@
 tags:
 - CCE-80664-6
 - CJIS-5.5.3
- - DISA-STIG-RHEL-08-020100
+ - DISA-STIG-RHEL-08-020104
 - NIST-800-53-AC-7(a)
 - NIST-800-53-CM-6(a)
 - NIST-800-53-IA-5(4)

@marcusburghardt
Copy link
Member Author

/retest

@Mab879 Mab879 self-assigned this Feb 10, 2022
@Mab879 Mab879 added this to the 0.1.61 milestone Feb 10, 2022
Mab879
Mab879 requested changes Feb 10, 2022
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good, just one issue with the test stability file.

@Mab879 Mab879 merged commit 681a8a6 into ComplianceAsCode:master Feb 10, 2022
@marcusburghardt marcusburghardt deleted the pwquality branch February 11, 2022 07:49
@marcusburghardt marcusburghardt added RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. labels Jun 23, 2022
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

@ggbecker ggbecker Awaiting requested review from ggbecker

@yuumasato yuumasato Awaiting requested review from yuumasato

Assignees

@Mab879 Mab879

Labels
New Rule Issues or pull requests related to new Rules. RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.61
Development

Successfully merging this pull request may close these issues.
2 participants
@marcusburghardt @Mab879