>From 1fe18b439adc9f54746ce0185238455f84d12fbb Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 06:10:41 -0500 Subject: [PATCH 14/25] accounts_password_reuse_limit --> shared/
- Migrated accounts_password_reuse_limit.xml to shared/ - Added CPE info - This feature of PAM behaves the same on RHEL7 Signed-off-by: Shawn Wells <[email protected]> --- :100644 120000 0a30209... d9858f3... T RHEL/6/input/checks/accounts_password_reuse_limit.xml :000000 120000 0000000... d9858f3... A RHEL/7/input/checks/accounts_password_reuse_limit.xml :000000 100644 0000000... a992791... A shared/oval/accounts_password_reuse_limit.xml .../input/checks/accounts_password_reuse_limit.xml | 33 +--------------------- .../input/checks/accounts_password_reuse_limit.xml | 1 + shared/oval/accounts_password_reuse_limit.xml | 33 ++++++++++++++++++++++ 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/RHEL/6/input/checks/accounts_password_reuse_limit.xml b/RHEL/6/input/checks/accounts_password_reuse_limit.xml deleted file mode 100644 index 0a30209..0000000 --- a/RHEL/6/input/checks/accounts_password_reuse_limit.xml +++ /dev/null @@ -1,32 +0,0 @@ -<def-group> - <definition class="compliance" id="accounts_password_reuse_limit" version="1"> - <metadata> - <title>Limit Password Reuse</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The passwords to remember should be set correctly.</description> - <reference source="SDW" ref_id="20131025" ref_url="test_attestation" /> - </metadata> - <criteria> - <criterion comment="remember parameter is set to 0" test_ref="test_accounts_password_reuse_limit" /> - </criteria> - </definition> - - <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="remember is set in /etc/pam.d/system-auth" id="test_accounts_password_reuse_limit" version="1"> - <ind:object object_ref="object_accounts_password_reuse_limit" /> - <ind:state state_ref="state_accounts_password_reuse_limit" /> - </ind:textfilecontent54_test> - - <ind:textfilecontent54_object id="object_accounts_password_reuse_limit" version="1"> - <ind:filepath>/etc/pam.d/system-auth</ind:filepath> - <ind:pattern operation="pattern match">^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*remember=([0-9]*).*$</ind:pattern> - <ind:instance datatype="int">1</ind:instance> - </ind:textfilecontent54_object> - - <ind:textfilecontent54_state id="state_accounts_password_reuse_limit" version="1"> - <ind:subexpression datatype="int" operation="greater than or equal" var_ref="var_password_history_retain_limit" /> - </ind:textfilecontent54_state> - - <external_variable comment="number of passwords that should be remembered" datatype="int" id="var_password_history_retain_limit" version="1" /> -</def-group> diff --git a/RHEL/6/input/checks/accounts_password_reuse_limit.xml b/RHEL/6/input/checks/accounts_password_reuse_limit.xml new file mode 120000 index 0000000..d9858f3 --- /dev/null +++ b/RHEL/6/input/checks/accounts_password_reuse_limit.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_reuse_limit.xml \ No newline at end of file diff --git a/RHEL/7/input/checks/accounts_password_reuse_limit.xml b/RHEL/7/input/checks/accounts_password_reuse_limit.xml new file mode 120000 index 0000000..d9858f3 --- /dev/null +++ b/RHEL/7/input/checks/accounts_password_reuse_limit.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_reuse_limit.xml \ No newline at end of file diff --git a/shared/oval/accounts_password_reuse_limit.xml b/shared/oval/accounts_password_reuse_limit.xml new file mode 100644 index 0000000..a992791 --- /dev/null +++ b/shared/oval/accounts_password_reuse_limit.xml @@ -0,0 +1,33 @@ +<def-group> + <definition class="compliance" id="accounts_password_reuse_limit" version="1"> + <metadata> + <title>Limit Password Reuse</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> + </affected> + <description>The passwords to remember should be set correctly.</description> + <reference source="SDW" ref_id="20131025" ref_url="test_attestation" /> + </metadata> + <criteria> + <criterion comment="remember parameter is set to 0" test_ref="test_accounts_password_reuse_limit" /> + </criteria> + </definition> + + <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="remember is set in /etc/pam.d/system-auth" id="test_accounts_password_reuse_limit" version="1"> + <ind:object object_ref="object_accounts_password_reuse_limit" /> + <ind:state state_ref="state_accounts_password_reuse_limit" /> + </ind:textfilecontent54_test> + + <ind:textfilecontent54_object id="object_accounts_password_reuse_limit" version="1"> + <ind:filepath>/etc/pam.d/system-auth</ind:filepath> + <ind:pattern operation="pattern match">^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*remember=([0-9]*).*$</ind:pattern> + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> + + <ind:textfilecontent54_state id="state_accounts_password_reuse_limit" version="1"> + <ind:subexpression datatype="int" operation="greater than or equal" var_ref="var_password_history_retain_limit" /> + </ind:textfilecontent54_state> + + <external_variable comment="number of passwords that should be remembered" datatype="int" id="var_password_history_retain_limit" version="1" /> +</def-group> -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
