On 8/1/14, 4:35 PM, Jeremiah Jahn wrote:
not just sufficient?diff --git a/shared/oval/set_password_hashing_algorithm_systemauth.xml b/shared/oval/set_password_hashing_algorithm_systemauth.xml index 8a5525e..2d71e8b 100644 --- a/shared/oval/set_password_hashing_algorithm_systemauth.xml +++ b/shared/oval/set_password_hashing_algorithm_systemauth.xml @@ -20,7 +20,7 @@ <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for correct settings" id="object_pam_unix_sha512" version="1"> <ind:filepath>/etc/pam.d/system-auth</ind:filepath> - <ind:pattern operation="pattern match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern> + <ind:pattern operation="pattern match">^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object>
Yes, absolutely. Ack (please indicate if you need someone to push for you) -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
