> On Oct 3, 2013, at 4:06 PM, [email protected] wrote: > > Shawn, > > This is probably a better approach - I'll resubmit the patch for > accounts_max_concurrent_login_sessions - do you think we should probably do > the same thing for disable_user_coredumps? > > -Frank > Yes, definitely! > > >> On 10/03/2013 02:25 PM, Shawn Wells wrote: >>> On 10/3/13 1:08 PM, Frank Caviggia wrote: >>> >>> 0001-Adding-remediation-fix-for-accounts_max_concurrent_l.patch >>> >>> From 3616e7abaf9d9b1c71d211ff435c77ef96c297d3 Mon Sep 17 00:00:00 2001 >>> From: Frank Caviggia <[email protected]> >>> Date: Thu, 3 Oct 2013 12:48:54 -0400 >>> Subject: [PATCH] Adding remediation fix for >>> accounts_max_concurrent_login_sessions >>> >>> Signed-off-by: Frank Caviggia <[email protected]> >>> --- >>> RHEL6/input/fixes/bash/accounts_max_concurrent_login_sessions.sh | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> create mode 100644 >>> RHEL6/input/fixes/bash/accounts_max_concurrent_login_sessions.sh >>> >>> diff --git >>> a/RHEL6/input/fixes/bash/accounts_max_concurrent_login_sessions.sh >>> b/RHEL6/input/fixes/bash/accounts_max_concurrent_login_sessions.sh >>> new file mode 100644 >>> index 0000000..0ec1e06 >>> --- /dev/null >>> +++ b/RHEL6/input/fixes/bash/accounts_max_concurrent_login_sessions.sh >>> @@ -0,0 +1,4 @@ >>> +source ./templates/support.sh >>> +populate max_concurrent_login_sessions_value >>> + >>> +echo "* hard maxlogins $max_concurrent_login_sessions_value" >> >>> /etc/security/limits.conf >>> -- >>> 1.8.3.1 >>> >> >> There are two failure conditions which we'll need to remediate: >> - maxlogins value to high >> - maxlogins not set (which your patch handles) >> >> Here's an example of how to address both: >> https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL6/input/fixes/bash/accounts_password_minlen_login_defs.sh >> >> A sed command will change any existing values, and should there not be any, >> the appropriate string is concatenated to the file. What do you think of >> that approach? I wasn't clever enough to get everything into a single >> one-liner, not sure if the efficiency could be increased. >> >> >> >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > > -- > Frank Caviggia > Consultant, Public Sector > [email protected] > (M) (571) 295-4560 > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
