>From 0e9dd677d1cbde723f0713a5227577c6dbb9db3c Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 27 Dec 2013 00:34:19 -0500 Subject: [PATCH 10/31] Moved set_password_hashing_algorithm_logindefs to shared/
- Tested on RHEL7 - Moved to shared/ - Updated CPE info --- .../set_password_hashing_algorithm_logindefs.xml | 26 +--------------------- .../set_password_hashing_algorithm_logindefs.xml | 1 + .../set_password_hashing_algorithm_logindefs.xml | 26 ++++++++++++++++++++++ 3 files changed, 28 insertions(+), 25 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml create mode 120000 RHEL/7/input/checks/set_password_hashing_algorithm_logindefs.xml create mode 100644 shared/oval/set_password_hashing_algorithm_logindefs.xml diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml deleted file mode 100644 index 6ff2ce7..0000000 --- a/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml +++ /dev/null @@ -1,25 +0,0 @@ -<def-group> - <definition class="compliance" id="set_password_hashing_algorithm_logindefs" version="1"> - <metadata> - <title>Set SHA512 Password Hashing Algorithm in /etc/login.defs</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The password hashing algorithm should be set correctly in /etc/login.defs.</description> - <reference source="MED" ref_id="20130819" ref_url="test_attestation" /> - </metadata> - <criteria operator="AND"> - <criterion test_ref="test_etc_logins_defs_encrypt_method" /> - </criteria> - </definition> - - <ind:textfilecontent54_test check="all" comment="check ENCRYPT_METHOD in /etc/login.defs" id="test_etc_logins_defs_encrypt_method" version="1"> - <ind:object object_ref="object_etc_logins_defs_encrypt_method" /> - </ind:textfilecontent54_test> - - <ind:textfilecontent54_object comment="check ENCRYPT_METHOD in /etc/login.defs" id="object_etc_logins_defs_encrypt_method" version="1"> - <ind:filepath>/etc/login.defs</ind:filepath> - <ind:pattern operation="pattern match">^[\s]*ENCRYPT_METHOD[\s]+SHA512[\s]*$</ind:pattern> - <ind:instance datatype="int">1</ind:instance> - </ind:textfilecontent54_object> -</def-group> diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml new file mode 120000 index 0000000..7fa58c1 --- /dev/null +++ b/RHEL/6/input/checks/set_password_hashing_algorithm_logindefs.xml @@ -0,0 +1 @@ +../../../../shared/oval/set_password_hashing_algorithm_logindefs.xml \ No newline at end of file diff --git a/RHEL/7/input/checks/set_password_hashing_algorithm_logindefs.xml b/RHEL/7/input/checks/set_password_hashing_algorithm_logindefs.xml new file mode 120000 index 0000000..7fa58c1 --- /dev/null +++ b/RHEL/7/input/checks/set_password_hashing_algorithm_logindefs.xml @@ -0,0 +1 @@ +../../../../shared/oval/set_password_hashing_algorithm_logindefs.xml \ No newline at end of file diff --git a/shared/oval/set_password_hashing_algorithm_logindefs.xml b/shared/oval/set_password_hashing_algorithm_logindefs.xml new file mode 100644 index 0000000..1dc2635 --- /dev/null +++ b/shared/oval/set_password_hashing_algorithm_logindefs.xml @@ -0,0 +1,26 @@ +<def-group> + <definition class="compliance" id="set_password_hashing_algorithm_logindefs" version="1"> + <metadata> + <title>Set SHA512 Password Hashing Algorithm in /etc/login.defs</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> + </affected> + <description>The password hashing algorithm should be set correctly in /etc/login.defs.</description> + <reference source="MED" ref_id="20130819" ref_url="test_attestation" /> + </metadata> + <criteria operator="AND"> + <criterion test_ref="test_etc_logins_defs_encrypt_method" /> + </criteria> + </definition> + + <ind:textfilecontent54_test check="all" comment="check ENCRYPT_METHOD in /etc/login.defs" id="test_etc_logins_defs_encrypt_method" version="1"> + <ind:object object_ref="object_etc_logins_defs_encrypt_method" /> + </ind:textfilecontent54_test> + + <ind:textfilecontent54_object comment="check ENCRYPT_METHOD in /etc/login.defs" id="object_etc_logins_defs_encrypt_method" version="1"> + <ind:filepath>/etc/login.defs</ind:filepath> + <ind:pattern operation="pattern match">^[\s]*ENCRYPT_METHOD[\s]+SHA512[\s]*$</ind:pattern> + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> +</def-group> -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
