>From ed965a106c9b6d7b88944d1a51deeee6b2bf0520 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Sun, 15 Sep 2013 20:18:05 -0400
Subject: [PATCH 21/22] Updated accounts_password_minlen_login_defs
- XCCDF/OVAL namings
---
RHEL6/input/auxiliary/stig_overlay.xml | 2 +-
.../checks/accounts_password_minlen_login_defs.xml | 8 ++++----
RHEL6/input/profiles/CS2.xml | 4 ++--
RHEL6/input/profiles/common.xml | 4 ++--
RHEL6/input/profiles/fisma-medium-rhel6-server.xml | 4 ++--
RHEL6/input/profiles/test.xml | 4 ++--
RHEL6/input/profiles/usgcb-rhel6-server.xml | 4 ++--
.../accounts/restrictions/password_expiration.xml | 8 ++++----
8 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/RHEL6/input/auxiliary/stig_overlay.xml
b/RHEL6/input/auxiliary/stig_overlay.xml
index 647b250..10fd0c5 100644
--- a/RHEL6/input/auxiliary/stig_overlay.xml
+++ b/RHEL6/input/auxiliary/stig_overlay.xml
@@ -117,7 +117,7 @@
<overlay owner="disastig" ruleid="file_ownership_binary_dirs"
ownerid="RHEL-06-000048" disa="1499" severity="medium">
<title>All system command files must be owned by root.</title>
</overlay>
- <overlay owner="disastig" ruleid="password_min_len"
ownerid="RHEL-06-000050" disa="205" severity="medium">
+ <overlay owner="disastig" ruleid="accounts_password_minlen_login_defs"
ownerid="RHEL-06-000050" disa="205" severity="medium">
<title>The system must require passwords to contain a minimum
of 14 characters.</title>
</overlay>
<overlay owner="disastig" ruleid="password_min_age"
ownerid="RHEL-06-000051" disa="198" severity="medium">
diff --git a/RHEL6/input/checks/accounts_password_minlen_login_defs.xml
b/RHEL6/input/checks/accounts_password_minlen_login_defs.xml
index 7d20c27..2932c62 100644
--- a/RHEL6/input/checks/accounts_password_minlen_login_defs.xml
+++ b/RHEL6/input/checks/accounts_password_minlen_login_defs.xml
@@ -16,7 +16,7 @@
<ind:textfilecontent54_test check="all" comment="check PASS_MIN_LEN in
/etc/login.defs" id="test_etc_login_defs" version="1">
<ind:object object_ref="object_etc_login_defs" />
- <ind:state state_ref="state_password_min_len" />
+ <ind:state state_ref="state_accounts_password_minlen_login_defs" />
</ind:textfilecontent54_test>
<ind:textfilecontent54_object id="object_etc_login_defs" version="1">
@@ -25,10 +25,10 @@
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
- <ind:textfilecontent54_state id="state_password_min_len" version="1">
- <ind:subexpression operation="greater than or equal"
var_ref="var_password_min_len" datatype="int" />
+ <ind:textfilecontent54_state id="state_accounts_password_minlen_login_defs"
version="1">
+ <ind:subexpression operation="greater than or equal"
var_ref="var_accounts_password_minlen_login_defs" datatype="int" />
</ind:textfilecontent54_state>
- <external_variable comment="password minimum length" datatype="int"
id="var_password_min_len" version="1" />
+ <external_variable comment="password minimum length" datatype="int"
id="var_accounts_password_minlen_login_defs" version="1" />
</def-group>
diff --git a/RHEL6/input/profiles/CS2.xml b/RHEL6/input/profiles/CS2.xml
index 9e703fc..01d74c1 100644
--- a/RHEL6/input/profiles/CS2.xml
+++ b/RHEL6/input/profiles/CS2.xml
@@ -2,8 +2,8 @@
<title>Example Server Profile</title>
<description>This profile is an example of a customized server
profile.</description>
-<select idref="password_min_len" selected="true"/>
-<refine-value idref="var_password_min_len" selector="14"/>
+<select idref="accounts_password_minlen_login_defs" selected="true"/>
+<refine-value idref="var_accounts_password_minlen_login_defs" selector="14"/>
<select idref="password_min_age" selected="true"/>
<refine-value idref="var_password_min_age" selector="1"/>
<select idref="password_max_age" selected="true"/>
diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml
index 6c6aa07..5acf312 100644
--- a/RHEL6/input/profiles/common.xml
+++ b/RHEL6/input/profiles/common.xml
@@ -47,7 +47,7 @@
<select idref="audit_logs_permissions" selected="true"/>
-<select idref="password_min_len" selected="true"/>
+<select idref="accounts_password_minlen_login_defs" selected="true"/>
<select idref="password_min_age" selected="true"/>
<select idref="password_max_age" selected="true"/>
<select idref="password_warn_age" selected="true"/>
@@ -228,7 +228,7 @@ these should likely be moved out of common.
<!-- Refine Values -->
<refine-value idref="var_umask_for_daemons" selector="027"/>
<!-- daemon umask -->
-<refine-value idref="var_password_min_len" selector="14"/>
+<refine-value idref="var_accounts_password_minlen_login_defs" selector="14"/>
<!-- password minimum length -->
<refine-value idref="var_password_max_age" selector="90"/>
<!-- maximum password age -->
diff --git a/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
b/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
index 18911ad..1f8f664 100644
--- a/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL6/input/profiles/fisma-medium-rhel6-server.xml
@@ -290,8 +290,8 @@
<select idref="no_empty_passwords" selected="true" />
<select idref="no_hashes_outside_shadow" selected="true" />
<select idref="no_netrc_files" selected="true" />
-<refine-value idref="var_password_min_len" selector="12" />
-<select idref="password_min_len" selected="true" />
+<refine-value idref="var_accounts_password_minlen_login_defs" selector="12" />
+<select idref="accounts_password_minlen_login_defs" selected="true" />
<select idref="password_min_age" selected="true" />
<select idref="password_max_age" selected="true" />
<select idref="password_warn_age" selected="true" />
diff --git a/RHEL6/input/profiles/test.xml b/RHEL6/input/profiles/test.xml
index f460ebb..36f6ed2 100644
--- a/RHEL6/input/profiles/test.xml
+++ b/RHEL6/input/profiles/test.xml
@@ -2,7 +2,7 @@
<title>test</title>
<description>This profile is for testing.</description>
<!--
-<select idref="password_min_len" selected="true"/>
+<select idref="accounts_password_minlen_login_defs" selected="true"/>
<select idref="password_min_age" selected="true"/>
<select idref="password_max_age" selected="true"/>
<select idref="password_warn_age" selected="true"/>
@@ -54,7 +54,7 @@
-<refine-value idref="var_password_min_len" selector="12"/>
+<refine-value idref="var_accounts_password_minlen_login_defs" selector="12"/>
<!-- password minimum length -->
<refine-value idref="var_password_max_age" selector="90"/>
<!-- maximum password age -->
diff --git a/RHEL6/input/profiles/usgcb-rhel6-server.xml
b/RHEL6/input/profiles/usgcb-rhel6-server.xml
index bdd5c08..322789b 100644
--- a/RHEL6/input/profiles/usgcb-rhel6-server.xml
+++ b/RHEL6/input/profiles/usgcb-rhel6-server.xml
@@ -70,8 +70,8 @@
<select idref="password_warn_age" selected="true" />
<refine-value idref="var_password_max_age" selector="60" />
<select idref="password_max_age" selected="true" />
-<refine-value idref="var_password_min_len" selector="12" />
-<select idref="password_min_len" selected="true" />
+<refine-value idref="var_accounts_password_minlen_login_defs" selector="12" />
+<select idref="accounts_password_minlen_login_defs" selected="true" />
<refine-value idref="password_retry" selector="3" />
<select idref="password_retry" selected="true" />
<refine-value idref="var_password_pam_cracklib_dcredit" selector="1" />
diff --git a/RHEL6/input/system/accounts/restrictions/password_expiration.xml
b/RHEL6/input/system/accounts/restrictions/password_expiration.xml
index 099b4aa..a09b1d2 100644
--- a/RHEL6/input/system/accounts/restrictions/password_expiration.xml
+++ b/RHEL6/input/system/accounts/restrictions/password_expiration.xml
@@ -29,7 +29,7 @@ age, and 7 day warning period with the following command:
<pre># chage -M 180 -m 7 -W 7 USER</pre>
</description>
-<Value id="var_password_min_len" type="number" >
+<Value id="var_accounts_password_minlen_login_defs" type="number" >
<title>minimum password length</title>
<description>Minimum number of characters in password</description>
<warning category="general">This will only check new passwords</warning>
@@ -76,12 +76,12 @@ age, and 7 day warning period with the following command:
<value selector="14">14</value>
</Value>
-<Rule id="password_min_len" severity="medium">
+<Rule id="accounts_password_minlen_login_defs" severity="medium">
<title>Set Password Minimum Length in login.defs</title>
<description>To specify password length requirements for new accounts,
edit the file <tt>/etc/login.defs</tt> and add or correct the following
lines:
-<pre>PASS_MIN_LEN 14<!-- <sub idref="var_password_min_len"> --></pre>
+<pre>PASS_MIN_LEN 14<!-- <sub idref="var_accounts_password_minlen_login_defs">
--></pre>
<br/><br/>
The DoD requirement is <tt>14</tt>.
The FISMA requirement is <tt>12</tt>.
@@ -103,7 +103,7 @@ must be carefully weighed against usability problems,
support costs, or counterp
behavior that may result.
</rationale>
<ident cce="27002-5" />
-<oval id="accounts_password_minlen_login_defs" value="var_password_min_len"/>
+<oval id="accounts_password_minlen_login_defs"
value="var_accounts_password_minlen_login_defs"/>
<ref nist="IA-5(f),IA-5(1)(a)" disa="205"/>
<tested by="DS" on="20121026"/>
</Rule>
--
1.7.1
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
