This set of patches are all related to adding value selectors to the
deny_password_attempts rule, based on feedback from DISA FSO.
Willy Santos (4):
Added Value section for login retries and made necessary changes to
the deny_password_attempts to reflect the use of these values.
Created OVAL check accounts_passwords_pam_faillock_deny, for checking
the configured maximum number of failed login attempts the system
will allow before locking the account.
Added <sub> sections to the deny_password_attempts rule for automatic
substitution of correct value depending on profile.
Added <refine-value> for STIG-specific value for failed login
attempts.
.../accounts_passwords_pam_faillock_deny.xml | 50 ++++++++++++++++++++
RHEL6/input/profiles/STIG-server.xml | 2 +
RHEL6/input/system/accounts/pam.xml | 25 +++++++---
3 files changed, 70 insertions(+), 7 deletions(-)
create mode 100644 RHEL6/input/checks/accounts_passwords_pam_faillock_deny.xml
--
1.7.7.6
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
