>From 94cbca3982c8bbda5f618dfe69346e4a229b914f Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Tue, 24 Dec 2013 02:40:00 -0500
Subject: [PATCH 01/31] accounts_password_pam_cracklib_dcredit --> shared/

- Tested on RHEL7
- Updated filename -> filepath
- Updated CPE info
---
 .../accounts_password_pam_cracklib_dcredit.xml     | 45 +---------------------
 .../accounts_password_pam_cracklib_dcredit.xml     |  1 +
 .../accounts_password_pam_cracklib_dcredit.xml     | 44 +++++++++++++++++++++
 3 files changed, 46 insertions(+), 44 deletions(-)
 mode change 100644 => 120000 
RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml
 create mode 120000 
RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml
 create mode 100644 shared/oval/accounts_password_pam_cracklib_dcredit.xml

diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml 
b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml
deleted file mode 100644
index 8ca68f5..0000000
--- a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<def-group>
-  <definition class="compliance" id="accounts_password_pam_cracklib_dcredit" 
version="1">
-    <metadata>
-      <title>Set Password dcredit Requirements</title>
-      <affected family="unix">
-        <platform>Red Hat Enterprise Linux 6</platform>
-      </affected>
-      <description>The password dcredit should meet minimum
-      requirements using pam_cracklib</description>
-      <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
-    </metadata>
-    <criteria>
-      <criterion comment="Conditions for dcredit are satisfied"
-      test_ref="test_password_pam_cracklib_dcredit" />
-    </criteria>
-  </definition>
-
-  <ind:textfilecontent54_test check="all"
-  comment="check the configuration of /etc/pam.d/system-auth"
-  id="test_password_pam_cracklib_dcredit" version="1">
-    <ind:object object_ref="obj_password_pam_cracklib_dcredit" />
-    <ind:state state_ref="state_password_pam_cracklib_dcredit" />
-  </ind:textfilecontent54_test>
-
-  <ind:textfilecontent54_state id="state_password_pam_cracklib_dcredit"
-  version="1">
-    <ind:instance datatype="int">1</ind:instance>
-    <ind:subexpression datatype="int"
-    operation="less than or equal"
-    var_ref="var_password_pam_cracklib_dcredit" />
-  </ind:textfilecontent54_state>
-
-  <external_variable comment="External variable for pam_cracklib dcredit"
-  datatype="int" id="var_password_pam_cracklib_dcredit"
-  version="1" />
-
-  <ind:textfilecontent54_object id="obj_password_pam_cracklib_dcredit"
-  version="1">
-    <ind:path>/etc/pam.d</ind:path>
-    <ind:filename>system-auth</ind:filename>
-    <ind:pattern operation="pattern 
match">^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$)</ind:pattern>
-    <ind:instance datatype="int" operation="less than or 
equal">1</ind:instance>
-  </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml 
b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml
new file mode 120000
index 0000000..2c6ed77
--- /dev/null
+++ b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_password_pam_cracklib_dcredit.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml 
b/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml
new file mode 120000
index 0000000..2c6ed77
--- /dev/null
+++ b/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_password_pam_cracklib_dcredit.xml
\ No newline at end of file
diff --git a/shared/oval/accounts_password_pam_cracklib_dcredit.xml 
b/shared/oval/accounts_password_pam_cracklib_dcredit.xml
new file mode 100644
index 0000000..b86836f
--- /dev/null
+++ b/shared/oval/accounts_password_pam_cracklib_dcredit.xml
@@ -0,0 +1,44 @@
+<def-group>
+  <definition class="compliance" id="accounts_password_pam_cracklib_dcredit" 
version="1">
+    <metadata>
+      <title>Set Password dcredit Requirements</title>
+      <affected family="unix">
+        <platform>Red Hat Enterprise Linux 6</platform>
+        <platform>Red Hat Enterprise Linux 7</platform>
+      </affected>
+      <description>The password dcredit should meet minimum
+      requirements using pam_cracklib</description>
+      <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
+    </metadata>
+    <criteria>
+      <criterion comment="Conditions for dcredit are satisfied"
+      test_ref="test_password_pam_cracklib_dcredit" />
+    </criteria>
+  </definition>
+
+  <ind:textfilecontent54_test check="all"
+  comment="check the configuration of /etc/pam.d/system-auth"
+  id="test_password_pam_cracklib_dcredit" version="1">
+    <ind:object object_ref="obj_password_pam_cracklib_dcredit" />
+    <ind:state state_ref="state_password_pam_cracklib_dcredit" />
+  </ind:textfilecontent54_test>
+
+  <ind:textfilecontent54_state id="state_password_pam_cracklib_dcredit"
+  version="1">
+    <ind:instance datatype="int">1</ind:instance>
+    <ind:subexpression datatype="int"
+    operation="less than or equal"
+    var_ref="var_password_pam_cracklib_dcredit" />
+  </ind:textfilecontent54_state>
+
+  <external_variable comment="External variable for pam_cracklib dcredit"
+  datatype="int" id="var_password_pam_cracklib_dcredit"
+  version="1" />
+
+  <ind:textfilecontent54_object id="obj_password_pam_cracklib_dcredit"
+  version="1">
+    <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
+    <ind:pattern operation="pattern 
match">^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$)</ind:pattern>
+    <ind:instance datatype="int" operation="less than or 
equal">1</ind:instance>
+  </ind:textfilecontent54_object>
+</def-group>
-- 
1.8.3.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to