>From 94cbca3982c8bbda5f618dfe69346e4a229b914f Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Tue, 24 Dec 2013 02:40:00 -0500 Subject: [PATCH 01/31] accounts_password_pam_cracklib_dcredit --> shared/
- Tested on RHEL7 - Updated filename -> filepath - Updated CPE info --- .../accounts_password_pam_cracklib_dcredit.xml | 45 +--------------------- .../accounts_password_pam_cracklib_dcredit.xml | 1 + .../accounts_password_pam_cracklib_dcredit.xml | 44 +++++++++++++++++++++ 3 files changed, 46 insertions(+), 44 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml create mode 120000 RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml create mode 100644 shared/oval/accounts_password_pam_cracklib_dcredit.xml diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml deleted file mode 100644 index 8ca68f5..0000000 --- a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml +++ /dev/null @@ -1,44 +0,0 @@ -<def-group> - <definition class="compliance" id="accounts_password_pam_cracklib_dcredit" version="1"> - <metadata> - <title>Set Password dcredit Requirements</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The password dcredit should meet minimum - requirements using pam_cracklib</description> - <reference source="DS" ref_id="20131011" ref_url="test_attestation" /> - </metadata> - <criteria> - <criterion comment="Conditions for dcredit are satisfied" - test_ref="test_password_pam_cracklib_dcredit" /> - </criteria> - </definition> - - <ind:textfilecontent54_test check="all" - comment="check the configuration of /etc/pam.d/system-auth" - id="test_password_pam_cracklib_dcredit" version="1"> - <ind:object object_ref="obj_password_pam_cracklib_dcredit" /> - <ind:state state_ref="state_password_pam_cracklib_dcredit" /> - </ind:textfilecontent54_test> - - <ind:textfilecontent54_state id="state_password_pam_cracklib_dcredit" - version="1"> - <ind:instance datatype="int">1</ind:instance> - <ind:subexpression datatype="int" - operation="less than or equal" - var_ref="var_password_pam_cracklib_dcredit" /> - </ind:textfilecontent54_state> - - <external_variable comment="External variable for pam_cracklib dcredit" - datatype="int" id="var_password_pam_cracklib_dcredit" - version="1" /> - - <ind:textfilecontent54_object id="obj_password_pam_cracklib_dcredit" - version="1"> - <ind:path>/etc/pam.d</ind:path> - <ind:filename>system-auth</ind:filename> - <ind:pattern operation="pattern match">^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$)</ind:pattern> - <ind:instance datatype="int" operation="less than or equal">1</ind:instance> - </ind:textfilecontent54_object> -</def-group> diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml new file mode 120000 index 0000000..2c6ed77 --- /dev/null +++ b/RHEL/6/input/checks/accounts_password_pam_cracklib_dcredit.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_pam_cracklib_dcredit.xml \ No newline at end of file diff --git a/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml b/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml new file mode 120000 index 0000000..2c6ed77 --- /dev/null +++ b/RHEL/7/input/checks/accounts_password_pam_cracklib_dcredit.xml @@ -0,0 +1 @@ +../../../../shared/oval/accounts_password_pam_cracklib_dcredit.xml \ No newline at end of file diff --git a/shared/oval/accounts_password_pam_cracklib_dcredit.xml b/shared/oval/accounts_password_pam_cracklib_dcredit.xml new file mode 100644 index 0000000..b86836f --- /dev/null +++ b/shared/oval/accounts_password_pam_cracklib_dcredit.xml @@ -0,0 +1,44 @@ +<def-group> + <definition class="compliance" id="accounts_password_pam_cracklib_dcredit" version="1"> + <metadata> + <title>Set Password dcredit Requirements</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> + </affected> + <description>The password dcredit should meet minimum + requirements using pam_cracklib</description> + <reference source="DS" ref_id="20131011" ref_url="test_attestation" /> + </metadata> + <criteria> + <criterion comment="Conditions for dcredit are satisfied" + test_ref="test_password_pam_cracklib_dcredit" /> + </criteria> + </definition> + + <ind:textfilecontent54_test check="all" + comment="check the configuration of /etc/pam.d/system-auth" + id="test_password_pam_cracklib_dcredit" version="1"> + <ind:object object_ref="obj_password_pam_cracklib_dcredit" /> + <ind:state state_ref="state_password_pam_cracklib_dcredit" /> + </ind:textfilecontent54_test> + + <ind:textfilecontent54_state id="state_password_pam_cracklib_dcredit" + version="1"> + <ind:instance datatype="int">1</ind:instance> + <ind:subexpression datatype="int" + operation="less than or equal" + var_ref="var_password_pam_cracklib_dcredit" /> + </ind:textfilecontent54_state> + + <external_variable comment="External variable for pam_cracklib dcredit" + datatype="int" id="var_password_pam_cracklib_dcredit" + version="1" /> + + <ind:textfilecontent54_object id="obj_password_pam_cracklib_dcredit" + version="1"> + <ind:filepath>/etc/pam.d/system-auth</ind:filepath> + <ind:pattern operation="pattern match">^[\s]*password[\s]+(?:(?:required)|(?:requisite))[\s]+[\w_\.\-=\s]+[\s]dcredit=(-?\d+)(?:[\s]|$)</ind:pattern> + <ind:instance datatype="int" operation="less than or equal">1</ind:instance> + </ind:textfilecontent54_object> +</def-group> -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
