forked from ComplianceAsCode/content
template_OVAL_accounts_password
<def-group>
<!-- OVAL template for one PAM password quality setting. The VARIABLE, SIGN and
     OPERATION template parameters select the setting name, the sign prefix
     accepted in front of the digits, and the comparison applied to the value. -->
<definition class="compliance" id="accounts_password_pam_{{{ VARIABLE }}}" version="3">
<metadata>
<title>Set Password {{{ VARIABLE }}} Requirements</title>
{{{- oval_affected(products) }}}
<description>The password {{{ VARIABLE }}} should meet minimum requirements</description>
</metadata>
{{% if product == "rhel6" %}}
<!-- rhel6: the only criterion is the pam_cracklib.so argument check in
     /etc/pam.d/system-auth. -->
<criteria>
<criterion comment="rhel6 pam_cracklib {{{ VARIABLE }}}" test_ref="test_password_pam_cracklib_{{{ VARIABLE }}}" />
</criteria>
{{% else %}}
<!-- Other products: both the referenced pwquality definition and the
     pwquality.conf value test must pass.
     NOTE(review): the value is read from /etc/security/pwquality.conf only.
     pam_pwquality also accepts these settings as module arguments in the PAM
     stack, and those are not evaluated by the test below. Confirm whether
     accounts_password_pam_pwquality covers that case. -->
<criteria operator="AND" comment="conditions for {{{ VARIABLE }}} are satisfied">
<extend_definition comment="pwquality.so exists in system-auth" definition_ref="accounts_password_pam_pwquality" />
<criterion comment="pwquality.conf" test_ref="test_password_pam_pwquality_{{{ VARIABLE }}}" />
</criteria>
{{% endif %}}
</definition>
{{% if product == "rhel6" %}}
<!-- check="all": every line collected by the object must satisfy the state,
     so one matching line with a non-conforming value fails the test. -->
<ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="test_password_pam_cracklib_{{{ VARIABLE }}}" version="3">
<ind:object object_ref="obj_password_pam_cracklib_{{{ VARIABLE }}}" />
<ind:state state_ref="state_password_pam_{{{ VARIABLE }}}" />
</ind:textfilecontent54_test>
<!-- Collects "password required|requisite pam_cracklib.so" lines that carry
     the setting and captures its numeric value (with the SIGN prefix) as the
     subexpression. Lines starting with '#' do not match because only
     whitespace may precede "password".
     NOTE(review): only /etc/pam.d/system-auth is inspected; other PAM service
     files such as password-auth are not covered by this object. Confirm that
     this is intended.
     NOTE(review): the setting name is preceded by ".*" with no delimiter, so
     an argument whose name merely ends with the VARIABLE text would also be
     matched. -->
<ind:textfilecontent54_object id="obj_password_pam_cracklib_{{{ VARIABLE }}}" version="3">
<ind:filepath>/etc/pam.d/system-auth</ind:filepath>
<ind:pattern operation="pattern match">^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*{{{ VARIABLE }}}[\s]*=[\s]*({{{ SIGN }}}\d+)(?:[\s]|$)</ind:pattern>
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
</ind:textfilecontent54_object>
{{% else %}}
<!-- check="all": every matching line in pwquality.conf must satisfy the
     state, so a duplicate entry with a non-conforming value fails the test. -->
<ind:textfilecontent54_test check="all"
comment="check the configuration of /etc/security/pwquality.conf"
id="test_password_pam_pwquality_{{{ VARIABLE }}}" version="3">
<ind:object object_ref="obj_password_pam_pwquality_{{{ VARIABLE }}}" />
<ind:state state_ref="state_password_pam_{{{ VARIABLE }}}" />
</ind:textfilecontent54_test>
<!-- Collects "name = value" entries for the setting and captures the numeric
     value (with the SIGN prefix) as the subexpression. The pattern is anchored
     with "^" directly before the name, so an entry preceded by '#' or by
     whitespace is not matched.
     NOTE(review): only /etc/security/pwquality.conf is read. Newer
     libpwquality releases can also read drop-in files under
     /etc/security/pwquality.conf.d/, which this object does not examine.
     Confirm against the targeted products. -->
<ind:textfilecontent54_object id="obj_password_pam_pwquality_{{{ VARIABLE }}}" version="3">
<ind:filepath>/etc/security/pwquality.conf</ind:filepath>
<ind:pattern operation="pattern match">^{{{ VARIABLE }}}[\s]*=[\s]*({{{ SIGN }}}\d+)(?:[\s]|$)</ind:pattern>
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
</ind:textfilecontent54_object>
{{% endif %}}
<!-- Shared state for both branches: the captured value is compared as an
     integer with the external variable, using the OPERATION parameter as the
     comparison. NOTE(review): SIGN is presumably an optional minus sign for
     credit-style settings. Verify against the template's callers. -->
<ind:textfilecontent54_state id="state_password_pam_{{{ VARIABLE }}}" version="3">
<ind:subexpression datatype="int" operation="{{{ OPERATION }}}" var_ref="var_password_pam_{{{ VARIABLE }}}" />
</ind:textfilecontent54_state>
<!-- The required value is not defined in this file; it is supplied from
     outside the OVAL content when the definition is evaluated. -->
<external_variable comment="External variable for pam_{{{ VARIABLE }}}" datatype="int" id="var_password_pam_{{{ VARIABLE }}}" version="3" />
</def-group>