>From 47cc33e919d9f4794e3ed387d0115618f6d061d1 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Fri, 27 Dec 2013 00:43:03 -0500 Subject: [PATCH 11/31] Moved set_password_hashing_algorithm_libuserconf to shared/
- Tested on RHEL7 - Moved to shared/ - Updated CPE info - Added symlinks --- .../set_password_hashing_algorithm_libuserconf.xml | 29 +--------------------- .../set_password_hashing_algorithm_libuserconf.xml | 1 + .../set_password_hashing_algorithm_libuserconf.xml | 29 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 28 deletions(-) mode change 100644 => 120000 RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml create mode 120000 RHEL/7/input/checks/set_password_hashing_algorithm_libuserconf.xml create mode 100644 shared/oval/set_password_hashing_algorithm_libuserconf.xml diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml deleted file mode 100644 index ff0dfd2..0000000 --- a/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml +++ /dev/null @@ -1,28 +0,0 @@ -<def-group> - <definition class="compliance" id="set_password_hashing_algorithm_libuserconf" version="1"> - <metadata> - <title>Set SHA512 Password Hashing Algorithm in /etc/libuser.conf</title> - <affected family="unix"> - <platform>Red Hat Enterprise Linux 6</platform> - </affected> - <description>The password hashing algorithm should be set correctly in /etc/libuser.conf.</description> - <reference source="MED" ref_id="20130819" ref_url="test_attestation" /> - </metadata> - <criteria operator="AND"> - <criterion test_ref="test_etc_libuser_conf_cryptstyle" /> - </criteria> - </definition> - - <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" - comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" - id="test_etc_libuser_conf_cryptstyle" version="1"> - <ind:object object_ref="object_etc_libuser_conf_cryptstyle" /> - </ind:textfilecontent54_test> - - <ind:textfilecontent54_object comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" - id="object_etc_libuser_conf_cryptstyle" version="1"> - <ind:filepath>/etc/libuser.conf</ind:filepath> - <ind:pattern operation="pattern match">^[\s]*crypt_style[\s]+=[\s]+(?i)sha512[\s]*$</ind:pattern> - <ind:instance datatype="int">1</ind:instance> - </ind:textfilecontent54_object> -</def-group> diff --git a/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml b/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml new file mode 120000 index 0000000..282d063 --- /dev/null +++ b/RHEL/6/input/checks/set_password_hashing_algorithm_libuserconf.xml @@ -0,0 +1 @@ +../../../../shared/oval/set_password_hashing_algorithm_libuserconf.xml \ No newline at end of file diff --git a/RHEL/7/input/checks/set_password_hashing_algorithm_libuserconf.xml b/RHEL/7/input/checks/set_password_hashing_algorithm_libuserconf.xml new file mode 120000 index 0000000..282d063 --- /dev/null +++ b/RHEL/7/input/checks/set_password_hashing_algorithm_libuserconf.xml @@ -0,0 +1 @@ +../../../../shared/oval/set_password_hashing_algorithm_libuserconf.xml \ No newline at end of file diff --git a/shared/oval/set_password_hashing_algorithm_libuserconf.xml b/shared/oval/set_password_hashing_algorithm_libuserconf.xml new file mode 100644 index 0000000..44d8214 --- /dev/null +++ b/shared/oval/set_password_hashing_algorithm_libuserconf.xml @@ -0,0 +1,29 @@ +<def-group> + <definition class="compliance" id="set_password_hashing_algorithm_libuserconf" version="1"> + <metadata> + <title>Set SHA512 Password Hashing Algorithm in /etc/libuser.conf</title> + <affected family="unix"> + <platform>Red Hat Enterprise Linux 6</platform> + <platform>Red Hat Enterprise Linux 7</platform> + </affected> + <description>The password hashing algorithm should be set correctly in /etc/libuser.conf.</description> + <reference source="MED" ref_id="20130819" ref_url="test_attestation" /> + </metadata> + <criteria operator="AND"> + <criterion test_ref="test_etc_libuser_conf_cryptstyle" /> + </criteria> + </definition> + + <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" + comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" + id="test_etc_libuser_conf_cryptstyle" version="1"> + <ind:object object_ref="object_etc_libuser_conf_cryptstyle" /> + </ind:textfilecontent54_test> + + <ind:textfilecontent54_object comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" + id="object_etc_libuser_conf_cryptstyle" version="1"> + <ind:filepath>/etc/libuser.conf</ind:filepath> + <ind:pattern operation="pattern match">^[\s]*crypt_style[\s]+=[\s]+(?i)sha512[\s]*$</ind:pattern> + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> +</def-group> -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
