From 9d32548d86dee919d9a54b001c66dffd097a2aaa Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Tue, 7 Jan 2025 15:46:21 -0600
Subject: [PATCH] Update accounts_password_pam_retry for RHEL 10
---
 .../accounts_password_pam_retry/ansible/shared.yml | 2 +-
 .../accounts_password_pam_retry/bash/shared.sh | 4 ++--
 .../accounts_password_pam_retry/oval/shared.xml | 4 ++--
 .../accounts_password_pam_retry/rule.yml | 6 +++---
 .../accounts_password_pam_retry/tests/common.sh | 4 ++--
 .../tests/pwquality_conf_commented.fail.sh | 2 +-
 .../tests/pwquality_conf_correct.pass.sh | 2 +-
 .../tests/pwquality_conf_correct_with_space.pass.sh | 2 +-
 .../tests/pwquality_conf_overriden.fail.sh | 2 +-
 .../tests/pwquality_conf_wrong.fail.sh | 2 +-
 10 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
index 25a0da980c0..bb71a6d80fa 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
@@ -5,7 +5,7 @@
 # disruption = medium
 {{% if 'ubuntu' in product %}}
 {{% set configuration_files = ["common-password"] %}}
-{{% elif product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}}
+{{% elif product in ['ol8', 'ol9'] or 'rhel' in product %}}
 {{% set configuration_files = ["password-auth","system-auth"] %}}
 {{% else %}}
 {{% set configuration_files = ["system-auth"] %}}
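Review bot: The new test `'rhel' in product` on the `elif` line is a substring match on the product id, so it selects every product whose id contains "rhel", not only rhel8, rhel9 and the RHEL 10 product named in the subject. In the bash/shared.sh and rule.yml hunks the same condition moves the rule to `/etc/security/pwquality.conf`. If the build still carries an older RHEL product whose libpwquality does not read `retry` from that file (presumably rhel7, to be confirmed), the rule could report a pass there while the retry limit is not enforced. An explicit list such as `product in ['ol8', 'ol9', 'rhel8', 'rhel9', 'rhel10']`, or a short comment naming the minimum RHEL release the match is meant to cover, would make the intent checkable. The same condition is repeated in the oval/shared.xml and tests/common.sh hunks.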
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh index 608e1ab3fbd..4b26c7dda75 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh @@ -1,6 +1,6 @@ # platform = multi_platform_all -{{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} +{{% if product in ['ol8', 'ol9'] or 'rhel' in product %}} {{% set configuration_files = ["password-auth","system-auth"] %}} {{% else %}} {{% set configuration_files = ["system-auth"] %}} @@ -9,7 +9,7 @@ {{{ bash_instantiate_variables("var_password_pam_retry") }}} -{{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] -%}} +{{% if product in ['ol8', 'ol9'] or 'rhel' in product -%}} {{{ bash_replace_or_append('/etc/security/pwquality.conf', '^retry', '$var_password_pam_retry', diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml index 4ae8aec49b3..85ef117bd51 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml 
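Review bot: The product test is now written out twice in bash/shared.sh, once to choose `configuration_files` and once in the second hunk to decide whether `bash_replace_or_append` writes `retry` to `/etc/security/pwquality.conf`. Both copies must change together, or the remediation will pick PAM files for one product set and the pwquality.conf path for another. Evaluating it once near the top, for example `{{% set retry_in_pwquality_conf = product in ['ol8', 'ol9'] or 'rhel' in product %}}` (the name is only a suggestion), and using `{{% if retry_in_pwquality_conf %}}` at both sites keeps them in step. The `bash_replace_or_append` call continues outside the second hunk.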
@@ -1,6 +1,6 @@ {{% if 'ubuntu' in product or 'debian' in product %}} {{% set configuration_files = ["common-password"] %}} -{{% elif product in ['ol8','ol9','rhel8', 'rhel9'] %}} +{{% elif product in ['ol8','ol9'] or 'rhel' in product %}} {{% set configuration_files = ["password-auth","system-auth"] %}} {{% else %}} {{% set configuration_files = ["system-auth"] %}} @@ -17,7 +17,7 @@ {{% for file in configuration_files %}} - {{% endfor %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index 6e25f29481a..1fe3c52f0a5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -5,7 +5,7 @@ title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts description: |- To configure the number of retry prompts that are permitted per-session: - {{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} + {{% if product in ['ol8', 'ol9'] or 'rhel' in product %}} Edit the /etc/security/pwquality.conf to include {{% else %}} Edit the pam_pwquality.so statement in @@ -56,7 +56,7 @@ ocil_clause: 'the value of "retry" is set to "0" or greater than "{{{ xccdf_valu ocil: |- Verify {{{ full_name }}} is configured to limit the "pwquality" retry option to {{{ xccdf_value("var_password_pam_retry") }}}. - {{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} + {{% if product in ['ol8', 'ol9'] or 'rhel' in product %}} Check for the use of the "pwquality" retry option in the pwquality.conf file with the following command:
$ grep retry /etc/security/pwquality.conf
{{% else %}} @@ -75,7 +75,7 @@ platform: package[pam] fixtext: |- Configure {{{ full_name }}} to limit the "pwquality" retry option to {{{ xccdf_value("var_password_pam_retry") }}}. - {{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} + {{% if product in ['ol8', 'ol9'] or 'rhel' in product %}} Add the following line to the "/etc/security/pwquality.conf" file (or modify the line to have the required value): retry={{{ xccdf_value("var_password_pam_retry") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/common.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/common.sh index 02bd487048c..0ab3da26636 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/common.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/common.sh @@ -1,13 +1,13 @@ {{% if 'ubuntu' in product %}} configuration_files=("common-password") -{{% elif product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} +{{% elif product in ['ol8', 'ol9'] or 'rhel' in product %}} configuration_files=("password-auth" "system-auth") {{% else %}} configuration_files=("system-auth") {{% endif %}} -{{% if product in ['ol8', 'ol9', 'rhel8', 'rhel9'] %}} +{{% if product in ['ol8', 'ol9'] or 'rhel' in product %}} authselect create-profile testingProfile --base-on sssd for file in ${configuration_files[@]}; do diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh index 19cac93f41d..c61f9b6d5fa 100644 
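Review bot: The manual check in the `ocil` branch that this condition now also selects for RHEL 10 is `grep retry /etc/security/pwquality.conf`, which prints commented-out lines too and never looks at the pam_pwquality.so lines. The test names in this patch (pwquality_conf_commented.fail.sh, pwquality_conf_overriden.fail.sh) suggest the automated check treats both cases as failures, so an auditor following the text could accept a system the scanner rejects. Consider documenting `grep -E '^[[:space:]]*retry[[:space:]]*=' /etc/security/pwquality.conf` instead, plus a sentence that a `retry` argument in system-auth or password-auth must not set a different value; confirm this against the OVAL check, which is not fully visible here. The `ocil` and `fixtext` blocks continue outside their hunks.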
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel # variables = var_password_pam_retry=3 source common.sh diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh index ae605f71726..601d3275906 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel # variables = var_password_pam_retry=3 source common.sh diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh index ce7f4b7a3cb..e4f1de0cc4a 100644 
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel # variables = var_password_pam_retry=3 source common.sh diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh index 962112d6a25..d70521e76fe 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel # variables = var_password_pam_retry=3 source common.sh diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh index ea2eb57fed5..dc7fe32d110 100644 
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel # variables = var_password_pam_retry=3 source common.sh