From 952a287cd9d0825bbd8eeeef176a3556545ac429 Mon Sep 17 00:00:00 2001
From: Alan Moore
Date: Wed, 18 Dec 2024 23:20:22 +0000
Subject: [PATCH] Implement rule 5.3.3.2.4 Ensure password same consecutive characters is configured
---
 controls/cis_ubuntu2404.yml | 6 ++++--
 .../accounts_password_pam_maxrepeat/rule.yml | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index fcfcb3e927d..1f232ceadef 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -1880,8 +1880,10 @@ controls:
 levels:
 - l1_server
 - l1_workstation
- status: planned
- notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+ rules:
+ - var_password_pam_maxrepeat=3
+ - accounts_password_pam_maxrepeat
+ status: automated
 - id: 5.3.3.1.1
 title: Ensure password failed attempts lockout is configured (Automated)
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
index 2e3c33f2264..157b451d6db 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
@@ -58,6 +58,9 @@ template:
 vars:
 variable: maxrepeat
 operation: less than or equal
+{{%- if product == "ubuntu2404" %}}
+ zero_comparison_operation: greater than
+{{%- endif %}}
 fixtext: |-
 Configure {{{ full_name }}} to require the change of the number of repeating consecutive characters when passwords are changed by setting the "maxrepeat" option.
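Review bot: The selector in `- var_password_pam_maxrepeat=3` only resolves if the variable's definition offers an option keyed `3`, and that file is not part of this patch, so it should be confirmed before the control is marked `status: automated`. The control's `id:` line sits above the hunk, so the mapping to 5.3.3.2.4 named in the subject cannot be checked from the visible lines; the next control in context is 5.3.3.1.1. Since the removed `notes:` is not replaced, a short note such as `notes: A maxrepeat value of 0 disables the check and is treated as non-compliant.` would record the reason for the product-specific rule change made in the same commit.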
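Review bot: The zero guard added under `vars:` is limited to `product == "ubuntu2404"`, so on every other product that builds this rule a configured `maxrepeat = 0` would still satisfy `less than or equal`, even though pwquality documents 0 as disabling the repeat check. Assuming the template's `zero_comparison_operation` behaves as its name suggests (its implementation is not in this patch), consider emitting `zero_comparison_operation: greater than` unconditionally, or state why the other products are excluded. A comment above the key, for example `# maxrepeat=0 turns the pwquality check off, so 0 must not pass`, would explain the special case. The `fixtext` visible in context does not tell the reader that 0 is rejected on ubuntu2404, and the rest of the rule text lies outside the hunk.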