Shawn,

This should be a little bit better of a match to what you wanted for the 
password use remediation.

-Frank
From c6bd643edc3f9504172225d6a0fce9771a6e1a77 Mon Sep 17 00:00:00 2001
From: Frank Caviggia <[email protected]>
Date: Tue, 12 Nov 2013 22:35:19 -0500
Subject: [PATCH] accounts_password_reuse_limit.sh remediation

Signed-off-by: Frank Caviggia <[email protected]>
---
 RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh

diff --git a/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh 
b/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh
new file mode 100644
index 0000000..e278e54
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_password_reuse_limit.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_password_history_retain_limit
+
+if [ `grep -c 'remember=' /etc/pam.d/system-auth` -eq 0 ]; then
+       sed 's/^\s*password.*pam_unix\.so.*/& 
remember=$var_password_history_retain_limit/' /etc/pam.d/system-auth
+else
+       sed 's/remember=[0-9]*/remember=$var_password_history_retain_limit/' 
/etc/pam.d/system-auth
+fi
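Review bot: Both sed calls in the if/else wrap the expression in single quotes, so the shell never expands $var_password_history_retain_limit and the literal variable name would end up as the remember= value; switch the expressions to double quotes. Neither call passes -i, so the edited text only goes to stdout and /etc/pam.d/system-auth stays unchanged, which means the remediation has no effect as written. As a style point, the backtick `grep -c ... -eq 0` test could be replaced with `if ! grep -q 'remember=' /etc/pam.d/system-auth; then`, which avoids the command substitution and the numeric comparison.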
-- 
1.8.3.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
