>From e4eebf1b7652cbc716f6735ebeed1f6c400543b2 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 27 Dec 2013 00:32:05 -0500 Subject: [PATCH 09/31] Moved set_password_hashing_algorithm_systemauth to shared/
- Tested on RHEL7 - Updated CPE, moved to shared/, updated symlinks --- .../set_password_hashing_algorithm_systemauth.xml | 27 +--------------------- .../set_password_hashing_algorithm_systemauth.xml | 1 + .../set_password_hashing_algorithm_systemauth.xml | 27 ++++++++++++++++++++++ 3 files changed, 29 insertions(+), 26 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml create mode 120000 RHEL/7/input/checks/set_password_hashing_algorithm_systemauth.xml create mode 100644 shared/oval/set_password_hashing_algorithm_systemauth.xml
diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml
deleted file mode 100644
index ac86592..0000000
--- a/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<def-group>
- <definition class="compliance" id="set_password_hashing_algorithm_systemauth" version="1">
- <metadata>
- <title>Set Password Hashing Algorithm in /etc/pam.d/system-auth</title>
- <affected family="unix">
- <platform>Red Hat Enterprise Linux 6</platform>
- </affected>
- <description>The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.</description>
- <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
- </metadata>
- <criteria operator="AND">
- <criterion test_ref="test_pam_unix_sha512" />
- </criteria>
- </definition>
-
- <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check /etc/pam.d/system-auth for correct settings" id="test_pam_unix_sha512" version="1">
- <ind:object object_ref="object_pam_unix_sha512" />
- </ind:textfilecontent54_test>
-
- <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for correct settings" id="object_pam_unix_sha512" version="1">
- <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
- <ind:pattern operation="pattern match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
- <ind:instance datatype="int">1</ind:instance>
- </ind:textfilecontent54_object>
-
-</def-group>
diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml
new file mode 120000
index 0000000..d0a0f5d
--- /dev/null
+++ b/RHEL/6/input/checks/set_password_hashing_algorithm_systemauth.xml
@@ -0,0 +1 @@
+../../../../shared/oval/set_password_hashing_algorithm_systemauth.xml
\ No newline at end of file
diff --git a/RHEL/7/input/checks/set_password_hashing_algorithm_systemauth.xml b/RHEL/7/input/checks/set_password_hashing_algorithm_systemauth.xml
new file mode 120000
index 0000000..d0a0f5d
--- /dev/null
+++ b/RHEL/7/input/checks/set_password_hashing_algorithm_systemauth.xml
@@ -0,0 +1 @@
+../../../../shared/oval/set_password_hashing_algorithm_systemauth.xml
\ No newline at end of file
diff --git a/shared/oval/set_password_hashing_algorithm_systemauth.xml b/shared/oval/set_password_hashing_algorithm_systemauth.xml
new file mode 100644
index 0000000..8a5525e
--- /dev/null
+++ b/shared/oval/set_password_hashing_algorithm_systemauth.xml
@@ -0,0 +1,27 @@
+<def-group>
+ <definition class="compliance" id="set_password_hashing_algorithm_systemauth" version="1">
+ <metadata>
+ <title>Set Password Hashing Algorithm in /etc/pam.d/system-auth</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ <platform>Red Hat Enterprise Linux 7</platform>
+ </affected>
+ <description>The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.</description>
+ <reference source="MED" ref_id="20130819" ref_url="test_attestation" />
+ </metadata>
+ <criteria operator="AND">
+ <criterion test_ref="test_pam_unix_sha512" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check /etc/pam.d/system-auth for correct settings" id="test_pam_unix_sha512" version="1">
+ <ind:object object_ref="object_pam_unix_sha512" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for correct settings" id="object_pam_unix_sha512" version="1">
+ <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
+ <ind:pattern operation="pattern match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+</def-group>
--
1.8.3.1
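Review bot: The `ind:pattern` in the new shared file accepts `sha512` anywhere after `pam_unix.so` (`.*sha512.*`), so a line where the string appears only inside a trailing `#` comment, or as part of a longer token, would still be reported as compliant, and that looseness now applies to RHEL 7 as well as RHEL 6. Matching it as a whitespace-delimited option ahead of any comment would be tighter, for example `^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+([^#\n]*[ \t])?sha512([ \t].*)?$`. The check also does not look for a competing algorithm option (`md5`, `sha256`, ...) on the same line, which pam_unix may honour instead of `sha512`; that behaviour should be confirmed before this test is relied on alone. A short XML comment above the object, such as `<!-- passes only when the pam_unix.so password line carries sha512 as its own option -->`, would record the intent.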
