>From 387b0cdadaa9a6c0d54f5cfaa28538d2e4d05392 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Wed, 11 Sep 2013 19:26:21 -0400
Subject: [PATCH 06/22] OVAL signoff + remediation:
accounts_password_warn_age_login_defs
- OVAL signoff
- Added remediation
TESTING:
[root@SSG-RHEL6 checks]# var_password_warn_age=7 ; export var_password_warn_age
[root@SSG-RHEL6 checks]# sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 4/'
/etc/login.defs
[root@SSG-RHEL6 checks]# ./testcheck.py
accounts_password_warn_age_login_defs.xml
external_variable with id : var_password_warn_age
Evaluating with OVAL tempfile :
/tmp/accounts_password_warn_age_login_defsIn0GFd.xml
Writing results to :
/tmp/accounts_password_warn_age_login_defsIn0GFd.xml-results
Definition oval:scap-security-guide.testing:def:138: false
Evaluation done.
[root@SSG-RHEL6 checks]# sed -i 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 10/'
/etc/login.defs
[root@SSG-RHEL6 checks]# ./testcheck.py
accounts_password_warn_age_login_defs.xml
external_variable with id : var_password_warn_age
Evaluating with OVAL tempfile :
/tmp/accounts_password_warn_age_login_defsxC78D6.xml
Writing results to :
/tmp/accounts_password_warn_age_login_defsxC78D6.xml-results
Definition oval:scap-security-guide.testing:def:138: true
Evaluation done.
---
.../accounts_password_warn_age_login_defs.xml | 1 +
.../bash/accounts_password_warn_age_login_defs.sh | 8 ++++++++
2 files changed, 9 insertions(+), 0 deletions(-)
create mode 100644
RHEL6/input/fixes/bash/accounts_password_warn_age_login_defs.sh
diff --git a/RHEL6/input/checks/accounts_password_warn_age_login_defs.xml
b/RHEL6/input/checks/accounts_password_warn_age_login_defs.xml
index 7c153e7..40a6449 100644
--- a/RHEL6/input/checks/accounts_password_warn_age_login_defs.xml
+++ b/RHEL6/input/checks/accounts_password_warn_age_login_defs.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>The password expiration warning age should be set
appropriately.</description>
+ <reference source="swells" ref_id="20130914" ref_url="test_attestation"
/>
</metadata>
<criteria>
<criterion test_ref="test_pass_warn_age" />
diff --git a/RHEL6/input/fixes/bash/accounts_password_warn_age_login_defs.sh
b/RHEL6/input/fixes/bash/accounts_password_warn_age_login_defs.sh
new file mode 100644
index 0000000..0437705
--- /dev/null
+++ b/RHEL6/input/fixes/bash/accounts_password_warn_age_login_defs.sh
@@ -0,0 +1,8 @@
+source ./templates/support.sh
+populate var_password_warn_age
+
+grep -q ^PASS_WARN_DAYS /etc/login.defs && \
+ sed -i "s/PASS_WARN_DAYS.*/PASS_WARN_DAYS $var_password_warn_age/g"
/etc/login.defs
+if ! [ $? -eq 0 ]; then
+ echo "PASS_WARN_DAYS $var_password_warn_age"
+fi
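Review bot: The script edits `PASS_WARN_DAYS`, but the key that login.defs uses, and the one changed in this commit's own TESTING transcript, is `PASS_WARN_AGE`, so the grep never matches the live setting and the remediation leaves the value unchanged. The fallback `echo` prints to stdout instead of appending to /etc/login.defs, so nothing is written when the key is absent either. The sed pattern is also unanchored while the grep is anchored, so with the correct key it would rewrite any comment line that mentions it. `$var_password_warn_age` is interpolated into the sed expression, and `populate` is defined outside this patch, so it is worth confirming the value is a plain integer before it is used.

```shell
# … unchanged: source ./templates/support.sh and populate var_password_warn_age …
if grep -q '^PASS_WARN_AGE' /etc/login.defs; then
  sed -i "s/^PASS_WARN_AGE.*/PASS_WARN_AGE $var_password_warn_age/" /etc/login.defs
else
  echo "PASS_WARN_AGE $var_password_warn_age" >> /etc/login.defs
fi
```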
--
1.7.1