>From 70f0c638696d47a7b9e55d9a0f6bee81ea21456e Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Mon, 23 Dec 2013 08:09:56 -0500 Subject: [PATCH 23/25] accounts_password_pam_cracklib_retry --> shared/
- Tested on RHEL7 - Updated symlinks Signed-off-by: Shawn Wells <[email protected]>
---
:100644 120000 175b55c... 6480704... T RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml
:000000 120000 0000000... 6480704... A RHEL/7/input/checks/accounts_password_pam_cracklib_retry.xml
:100644 100644 f30f06e... 2e566bf... M scap-security-guide.spec
:000000 100644 0000000... 70f5a5b... A shared/oval/accounts_password_pam_cracklib_retry.xml
.../accounts_password_pam_cracklib_retry.xml | 35 +---------------------
.../accounts_password_pam_cracklib_retry.xml | 1 +
scap-security-guide.spec | 1 +
.../oval/accounts_password_pam_cracklib_retry.xml | 35 ++++++++++++++++++++++
4 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml
deleted file mode 100644
index 175b55c..0000000
--- a/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<def-group>
- <definition class="compliance" id="accounts_password_pam_cracklib_retry" version="1">
- <metadata>
- <title>Set Password retry Requirements</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The password retry should meet minimum
- requirements using pam_cracklib</description>
- <reference source="swells" ref_id="20130928" ref_url="test_attestation"/>
- </metadata>
- <criteria>
- <criterion comment="Conditions for retry are satisfied"
- test_ref="test_password_pam_cracklib_retry" />
- </criteria>
- </definition>
-
- <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="test_password_pam_cracklib_retry" version="1">
- <ind:object object_ref="obj_password_pam_cracklib_retry" />
- <ind:state state_ref="state_password_pam_cracklib_retry" />
- </ind:textfilecontent54_test>
-
- <ind:textfilecontent54_object id="obj_password_pam_cracklib_retry" version="1">
- <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
- <ind:pattern operation="pattern match">^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*retry=([0-9]*).*$</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-
- <ind:textfilecontent54_state id="state_password_pam_cracklib_retry" version="1">
- <ind:subexpression datatype="int" operation="less than or equal" var_ref="var_password_pam_cracklib_retry" />
- </ind:textfilecontent54_state>
-
- <external_variable comment="External variable for pam_cracklib retry" datatype="int" id="var_password_pam_cracklib_retry" version="1" />
-</def-group>
diff --git a/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml b/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml
new file mode 120000
index 0000000..6480704
--- /dev/null
+++ b/RHEL/6/input/checks/accounts_password_pam_cracklib_retry.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_password_pam_cracklib_retry.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/accounts_password_pam_cracklib_retry.xml b/RHEL/7/input/checks/accounts_password_pam_cracklib_retry.xml
new file mode 120000
index 0000000..6480704
--- /dev/null
+++ b/RHEL/7/input/checks/accounts_password_pam_cracklib_retry.xml
@@ -0,0 +1 @@
+../../../../shared/oval/accounts_password_pam_cracklib_retry.xml
\ No newline at end of file
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index f30f06e..2e566bf 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -74,6 +74,7 @@ cp -a RHEL/6/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
 - OVAL for accounts_password_minlen_login_defs
 - OVAL for accounts_minimum_age_login_defs
 - OVAL for accounts_password_warn_age_login_defs
+- OVAL for accounts_password_pam_cracklib_retry

 * Fri Nov 01 2013 Jan iankko Lieskovsky <[email protected]> 0.1-15
 - Version bump
diff --git a/shared/oval/accounts_password_pam_cracklib_retry.xml b/shared/oval/accounts_password_pam_cracklib_retry.xml
new file mode 100644
index 0000000..70f5a5b
--- /dev/null
+++ b/shared/oval/accounts_password_pam_cracklib_retry.xml
@@ -0,0 +1,35 @@
+<def-group>
+ <definition class="compliance" id="accounts_password_pam_cracklib_retry" version="1">
+ <metadata>
+ <title>Set Password retry Requirements</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The password retry should meet minimum
+ requirements using pam_cracklib</description>
+ <reference source="swells" ref_id="20130928" ref_url="test_attestation"/>
+ </metadata>
+ <criteria>
+ <criterion comment="Conditions for retry are satisfied"
+ test_ref="test_password_pam_cracklib_retry" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="test_password_pam_cracklib_retry" version="1">
+ <ind:object object_ref="obj_password_pam_cracklib_retry" />
+ <ind:state state_ref="state_password_pam_cracklib_retry" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object id="obj_password_pam_cracklib_retry" version="1">
+ <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
+ <ind:pattern operation="pattern match">^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*retry=([0-9]*).*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+ <ind:textfilecontent54_state id="state_password_pam_cracklib_retry" version="1">
+ <ind:subexpression datatype="int" operation="less than or equal" var_ref="var_password_pam_cracklib_retry" />
+ </ind:textfilecontent54_state>
+
+ <external_variable comment="External variable for pam_cracklib retry" datatype="int" id="var_password_pam_cracklib_retry" version="1" />
+</def-group>
-- 1.8.3.1
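Review bot: The object pattern in the new shared check matches only `pam_cracklib\.so` lines in /etc/pam.d/system-auth, while the definition now also lists Red Hat Enterprise Linux 7 as affected. If a RHEL 7 host enforces password quality through pam_pwquality.so instead (which I believe is the default stack there), the object collects nothing and the rule presumably evaluates as not satisfied whatever retry value is configured; either leave the RHEL 7 platform out until a pwquality check exists or widen the module name, e.g. `pam_(?:cracklib|pwquality)\.so`. Separately, `retry=([0-9]*)` accepts an empty value and any prefix before `retry`, so I would tighten it to `\sretry=([0-9]+)` so the int comparison always receives a number. A short XML comment above the state, saying the test passes when the configured retry is less than or equal to `var_password_pam_cracklib_retry`, would also help readers of the check.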
