From: root <[email protected]>

---
 .../checks/accounts_password_hashing_algorithm.xml |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/RHEL6/input/checks/accounts_password_hashing_algorithm.xml 
b/RHEL6/input/checks/accounts_password_hashing_algorithm.xml
index 3e64c2c..1a9771a 100644
--- a/RHEL6/input/checks/accounts_password_hashing_algorithm.xml
+++ b/RHEL6/input/checks/accounts_password_hashing_algorithm.xml
@@ -14,31 +14,37 @@
     </criteria>
   </definition>
 
-  <ind:textfilecontent54_test check="all" 
check_existence="at_least_one_exists" comment="check /etc/pam.d/system-auth for 
correct settings" id="test_pam_unix_sha512" version="1">
+  <ind:textfilecontent54_test check="all" 
check_existence="at_least_one_exists" comment="check /etc/pam.d/system-auth for 
correct settings" 
+  id="test_pam_unix_sha512" version="1">
     <ind:object object_ref="object_pam_unix_sha512" />
   </ind:textfilecontent54_test>
 
-  <ind:textfilecontent54_test check="all" 
check_existence="at_least_one_exists" comment="check MD5_CRYPT_ENAB in 
/etc/login.defs" id="test_etc_logins_defs_md5_crypt_enab" version="1">
+  <ind:textfilecontent54_test check="all" 
check_existence="at_least_one_exists" comment="check MD5_CRYPT_ENAB in 
/etc/login.defs" 
+  id="test_etc_logins_defs_md5_crypt_enab" version="1">
     <ind:object object_ref="object_etc_logins_defs_md5_crypt_enab" />
   </ind:textfilecontent54_test>
 
-  <ind:textfilecontent54_test check="all" comment="check ENCRYPT_METHOD in 
/etc/login.defs" id="test_etc_logins_defs_encrypt_method" version="1">
+  <ind:textfilecontent54_test check="all" comment="check ENCRYPT_METHOD in 
/etc/login.defs" 
+  id="test_etc_logins_defs_encrypt_method" version="1">
     <ind:object object_ref="object_etc_logins_defs_encrypt_method" />
   </ind:textfilecontent54_test>
 
-  <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for 
correct settings" id="object_pam_unix_sha512" version="1">
+  <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for 
correct settings" 
+  id="object_pam_unix_sha512" version="1">
     <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
-    <ind:pattern operation="pattern 
match">^\s*password\s+sufficient\s+pam_unix.so\s+sha512.*$</ind:pattern>
+    <ind:pattern operation="pattern 
match">^[\s]*password[\s]+sufficient[\s]+(?:[\w_\.\-=\s]+[\s])sha512</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_object comment="check MD5_CRYPT_ENAB in 
/etc/login.defs" id="object_etc_logins_defs_md5_crypt_enab" version="1">
+  <ind:textfilecontent54_object comment="check MD5_CRYPT_ENAB in 
/etc/login.defs" 
+  id="object_etc_logins_defs_md5_crypt_enab" version="1">
     <ind:filepath>/etc/login.defs</ind:filepath>
     <ind:pattern operation="pattern match">^MD5_CRYPT_ENAB\s+no$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_object comment="check ENCRYPT_METHOD in 
/etc/login.defs" id="object_etc_logins_defs_encrypt_method" version="1">
+  <ind:textfilecontent54_object comment="check ENCRYPT_METHOD in 
/etc/login.defs" 
+  id="object_etc_logins_defs_encrypt_method" version="1">
     <ind:filepath>/etc/login.defs</ind:filepath>
     <ind:pattern operation="pattern 
match">^\s*ENCRYPT_METHOD\s+SHA512\s*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
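Review bot: The new pattern in `object_pam_unix_sha512` no longer names `pam_unix.so`, so any `password sufficient` line in /etc/pam.d/system-auth that carries a `sha512` token satisfies the check, even when the module on that line is not pam_unix. The class before `sha512` also contains `\s`, which matches a newline, so if the pattern is applied to the whole file in multiline mode (which I believe is the textfilecontent54 default, please confirm) the match can run onto a following line and take `sha512` from there. There is no boundary after `sha512` either, so a longer token that merely starts with it would pass. I would keep the module name and restrict the separators to blanks, for example `^[ \t]*password[ \t]+sufficient[ \t]+pam_unix\.so(?:[ \t]+[\w.\-=]+)*[ \t]+sha512(?:[ \t]|$)`. This should be checked against sample files with options before and after `sha512`, and against one where the pam_unix line lacks it.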
-- 
1.7.1
