not just sufficient?
diff --git a/shared/oval/set_password_hashing_algorithm_systemauth.xml
b/shared/oval/set_password_hashing_algorithm_systemauth.xml
index 8a5525e..2d71e8b 100644
--- a/shared/oval/set_password_hashing_algorithm_systemauth.xml
+++ b/shared/oval/set_password_hashing_algorithm_systemauth.xml
@@ -20,7 +20,7 @@
<ind:textfilecontent54_object comment="check /etc/pam.d/system-auth
for correct settings" id="object_pam_unix_sha512" version="1">
<ind:filepath>/etc/pam.d/system-auth</ind:filepath>
- <ind:pattern operation="pattern
match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
+ <ind:pattern operation="pattern
match">^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
