All,

Here is a remediation fix for account password reuse in SSG. Updated to use the 
'/etc/pam.d/system-auth' file.

Regards,

Frank Caviggia


-- Frank Caviggia Consultant, Public Sector [email protected] 
>From f07acaac1fd235037a22d116ff27293f3e8e29d5 Mon Sep 17 00:00:00 2001
From: Frank Caviggia <[email protected]>
Date: Mon, 11 Nov 2013 14:11:00 -0500
Subject: [PATCH] accounts_password_reuse_limit.sh remediation

Signed-off-by: Frank Caviggia <[email protected]>
---
 RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh

diff --git a/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh 
b/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh
new file mode 100644
index 0000000..b4e9351
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh
@@ -0,0 +1,4 @@
+source ./templates/support.sh
+populate var_password_history_retain_limit
+
+sed -i 
's/^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so\ssha512*/password
    required    pam_unix.so sha512 shadow try_first_pass use_authtok 
remember=$var_password_history_retain_limit/g' /etc/pam.d/system-auth
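Review bot: The sed expression on the last added line cannot match any line in /etc/pam.d/system-auth, so the remediation is a no-op. `(?:...)` is Perl regex syntax that sed does not support, and without `-r` the `\s+` is read as one whitespace character followed by a literal `+`. Use `sed -i -r` with an ordinary group such as `(sufficient|required)`. Two further problems would appear once the pattern matches. The script is in single quotes, so `$var_password_history_retain_limit` is written to the file literally instead of the value loaded by `populate`; double-quote the script or close the quotes around the variable. Also, `sha512*` only matches `sha51` followed by zero or more `2` characters, so the rest of the original line is left in place after the replacement and options such as `shadow` end up duplicated; `sha512.*` would consume the remainder of the line. Finally, the replacement rewrites a `sufficient` control to `required`, which changes how the password stack is evaluated; it would be safer to capture the existing control and options and only append or update `remember=`.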
-- 
1.8.3.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
