I'm using scap-security-guide-0.1-12.el6.noarch as my source from http://people.redhat.com/swells/scap-security-guide/rpmbuild/src/redhat/RPMS/noarch/
Running oscap xccdf eval --profile server /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml Generates a failure for Title Set Password Minimum Age Rule password_min_age Ident CCE-27013-2 Result fail Title Set Password Maximum Age Rule password_max_age Ident CCE-26985-2 Result fail Title Set Password Strength Minimum Uppercase Characters Rule password_require_uppercases Ident CCE-26601-5 Result fail Title Set Password Strength Minimum Special Characters Rule password_require_specials Ident CCE-26409-3 Result fail Title Set Password Strength Minimum Lowercase Characters Rule password_require_lowercases Ident CCE-26631-2 Result fail Among others. I have cracklib configured what I believe is correct (according to the CCE) # grep cracklib /etc/pam.d/system-auth-ac password requisite pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=4 try_first_pass retry=3 minlen=14 type= # grep PASS /etc/login.defs PASS_MAX_DAYS 180 PASS_MIN_DAYS 1 PASS_MIN_LEN 14 PASS_WARN_AGE 7 Any help on what I might be missing here? Thanks! Will
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
