>From f6132e71107ed57d16f267ab15ae1150a4762679 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 06:37:48 -0500 Subject: [PATCH 16/25] no_empty_passwords --> shared/
- Tested on RHEL7 - Updated CPE info - Added symlinks - Updated RPM changelog Signed-off-by: Shawn Wells <[email protected]>
---
:100644 120000 de52bed... 0731be5... T RHEL/6/input/checks/no_empty_passwords.xml
:000000 120000 0000000... 0731be5... A RHEL/7/input/checks/no_empty_passwords.xml
:100644 100644 dc3b820... 121f739... M scap-security-guide.spec
:000000 100644 0000000... f276561... A shared/oval/no_empty_passwords.xml
RHEL/6/input/checks/no_empty_passwords.xml | 24 +-----------------------
RHEL/7/input/checks/no_empty_passwords.xml | 1 +
scap-security-guide.spec | 21 +++++++++++++--------
shared/oval/no_empty_passwords.xml | 24 ++++++++++++++++++++++++
4 files changed, 39 insertions(+), 31 deletions(-)
diff --git a/RHEL/6/input/checks/no_empty_passwords.xml b/RHEL/6/input/checks/no_empty_passwords.xml
deleted file mode 100644
index de52bed..0000000
--- a/RHEL/6/input/checks/no_empty_passwords.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<def-group>
- <definition class="compliance" id="no_empty_passwords" version="1">
- <metadata>
- <title>No nullok Option in /etc/pam.d/system-auth</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The file /etc/pam.d/system-auth should not contain the nullok option</description>
- <reference source="swells" ref_id="20130918" ref_url="test_attestation" />
- </metadata>
- <criteria>
- <criterion comment="make sure the nullok option is not used in /etc/pam.d/system-auth" test_ref="test_no_empty_passwords" />
- </criteria>
- </definition>
- <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure nullok is not used in /etc/pam.d/system-auth" id="test_no_empty_passwords" version="1">
- <ind:object object_ref="object_no_empty_passwords" />
- </ind:textfilecontent54_test>
- <ind:textfilecontent54_object id="object_no_empty_passwords" version="1">
- <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
- <ind:pattern operation="pattern match">\s*nullok\s*</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-</def-group>
diff --git a/RHEL/6/input/checks/no_empty_passwords.xml b/RHEL/6/input/checks/no_empty_passwords.xml
new file mode 120000
index 0000000..0731be5
--- /dev/null
+++ b/RHEL/6/input/checks/no_empty_passwords.xml
@@ -0,0 +1 @@
+../../../../shared/oval/no_empty_passwords.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/no_empty_passwords.xml b/RHEL/7/input/checks/no_empty_passwords.xml
new file mode 120000
index 0000000..0731be5
--- /dev/null
+++ b/RHEL/7/input/checks/no_empty_passwords.xml
@@ -0,0 +1 @@
+../../../../shared/oval/no_empty_passwords.xml
\ No newline at end of file
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index dc3b820..121f739 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -56,14 +56,19 @@ cp -a RHEL/6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man %changelog * Mon Dec 23 2013 Shawn Wells <[email protected]> 0.1-16.rc1 + Added RHEL7 content to SSG rpm -- partition_for_tmp -- partition_for_var -- partition_for_var_log -- partition_for_var_log_audit -- selinux_state -- selinux_policytype -- ensure_redhat_gpgkey_installed -- ensure_gpgcheck_never_disabled ++ Added to RHEL7 content pool: +- OVAL for partition_for_tmp +- OVAL for partition_for_var +- OVAL for partition_for_var_log +- OVAL for partition_for_var_log_audit +- OVAL for selinux_state +- OVAL for selinux_policytype +- OVAL for ensure_redhat_gpgkey_installed +- OVAL for ensure_gpgcheck_never_disabled +- OVAL for package_aide_installed +- OVAL for accounts_password_reuse_limit +- OVAL for no_shelllogin_for_systemaccounts +- OVAL for no_empty_passwords * Fri Nov 01 2013 Jan iankko Lieskovsky <[email protected]> 0.1-15 - Version bump
diff --git a/shared/oval/no_empty_passwords.xml b/shared/oval/no_empty_passwords.xml
new file mode 100644
index 0000000..f276561
--- /dev/null
+++ b/shared/oval/no_empty_passwords.xml
@@ -0,0 +1,24 @@
+<def-group>
+ <definition class="compliance" id="no_empty_passwords" version="1">
+ <metadata>
+ <title>No nullok Option in /etc/pam.d/system-auth</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The file /etc/pam.d/system-auth should not contain the nullok option</description>
+ <reference source="swells" ref_id="20130918" ref_url="test_attestation" />
+ </metadata>
+ <criteria>
+ <criterion comment="make sure the nullok option is not used in /etc/pam.d/system-auth" test_ref="test_no_empty_passwords" />
+ </criteria>
+ </definition>
+ <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure nullok is not used in /etc/pam.d/system-auth" id="test_no_empty_passwords" version="1">
+ <ind:object object_ref="object_no_empty_passwords" />
+ </ind:textfilecontent54_test>
+ <ind:textfilecontent54_object id="object_no_empty_passwords" version="1">
+ <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
+ <ind:pattern operation="pattern match">\s*nullok\s*</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
-- 
1.8.3.1
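Review bot: The object in this new shared check reads only `/etc/pam.d/system-auth`, so a host where `nullok` remains in `/etc/pam.d/password-auth` (the stack that sshd and other remote services normally include on RHEL 6 and 7) would still evaluate as compliant. Covering both files in the one object, for example `<ind:filepath operation="pattern match">^/etc/pam\.d/(system|password)-auth$</ind:filepath>`, keeps the `none_exist` test meaningful for remote logins as well. Separately, the pattern `\s*nullok\s*` is unanchored and the `\s*` on each side constrains nothing, so a commented-out line that merely mentions nullok makes a compliant system fail; `^[^#]*\bnullok\b` would limit the match to active lines. If the object is widened, the title, description and criterion comment should name both files so the reported result matches what was actually scanned.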
