Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA #11692

Closed
jan-cerny opened this issue Mar 13, 2024 · 1 comment
Closed

accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA #11692

jan-cerny opened this issue Mar 13, 2024 · 1 comment
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.

Comments

@jan-cerny
Copy link
Collaborator

Description of problem:

accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA

Details:

The SSG's rule allows to set the remember option also in /etc/security/pwhistory.conf and it prefers this file path.

The DISA's rule requires to set this option directly in /etc/pam.d/system-auth, it doesn't check /etc/security/pwhistory.conf.

Outcome:

SSG result: pass
DISA result: fail

The issue is present in these test variants:

  • oscap
  • ansible
  • anaconda

SCAP Security Guide Version:

Current upstream master as of 2024-03-12 as of HEAD cbbca44.

External Content's Version:

DISA STIG RHEL 9 V1R1
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. labels Mar 13, 2024
@Mab879 Mab879 added the blocked Issue that can't be fixed in content. label Apr 12, 2024
@jan-cerny
Copy link
Collaborator Author

The rule accounts_password_pam_pwhistory_remember_system_auth isn't present in the RHEL 9 STIG profile now. It has been removed by #12373.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mab879 @jan-cerny