add new stig rule accounts_password_pam_pwquality_retry #12965

vojtapolasek
Collaborator

Description:

  • Add a rule which checks the configuration of the retry option in /etc/security/pwquality.conf
  • Add it to the RHEL 9 STIG profile

Rationale:

Review Hints:

  • Review CI; in case it is needed, run Automatus locally

@vojtapolasek vojtapolasek added the New Rule, RHEL9, Update Profile and STIG labels Feb 4, 2025
@vojtapolasek vojtapolasek added this to the 0.1.76 milestone Feb 4, 2025
@vojtapolasek
Collaborator Author

Automatus failures for Debian, RHEL 8 and Ubuntu are expected because the rule currently appears only in RHEL 9 content.

@vojtapolasek vojtapolasek force-pushed the new_rule_account_password_pwquality_retry branch from 658c733 to 5d9294f February 4, 2025 10:06
Member

@ggbecker ggbecker left a comment

Can you please add this rule to the RHEL10 STIG as well, through the SRG control files? I guess you can look where accounts_password_pam_retry is and then replace there as well.

@ggbecker ggbecker self-assigned this Feb 4, 2025
@vojtapolasek
Collaborator Author

@ggbecker Done. However, it seems that the SRG combines several rules together; there are other rules not related to limiting password retries. However, I would not like to fix this in this particular PR.

Member

@ggbecker ggbecker left a comment

Please check my inline comment.

@vojtapolasek
Collaborator Author

Great catch. I am going to add it.

codeclimate bot commented Feb 4, 2025

Code Climate has analyzed commit b206a22 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

…assword_quality_pwquality/accounts_password_pam_pwquality_retry/policy/stig/shared.yml

Co-authored-by: Gabriel Becker <[email protected]>
@ggbecker ggbecker merged commit f54cc7c into ComplianceAsCode:master Feb 4, 2025
28 of 99 checks passed