Skip to content

add new stig rule accounts_password_pam_pwquality_retry#12965

Merged
ggbecker merged 5 commits into
ComplianceAsCode:masterfrom
vojtapolasek:new_rule_account_password_pwquality_retry
Feb 4, 2025
Merged

add new stig rule accounts_password_pam_pwquality_retry#12965
ggbecker merged 5 commits into
ComplianceAsCode:masterfrom
vojtapolasek:new_rule_account_password_pwquality_retry

Conversation

@vojtapolasek
Copy link
Copy Markdown
Collaborator

@vojtapolasek vojtapolasek commented Feb 4, 2025

Description:

  • add a rule which checks configuration of retry option in /etc/security/pwquality.conf
  • add it to RHEL 9 STIG profile

Rationale:

Review Hints:

  • review CI, in case it is needed run Automatus locally

@vojtapolasek vojtapolasek added New Rule Issues or pull requests related to new Rules. RHEL9 Red Hat Enterprise Linux 9 product related. Update Profile Issues or pull requests related to Profiles updates. STIG STIG Benchmark related. labels Feb 4, 2025
@vojtapolasek vojtapolasek added this to the 0.1.76 milestone Feb 4, 2025
@vojtapolasek
Copy link
Copy Markdown
Collaborator Author

vojtapolasek commented Feb 4, 2025

Automatus failures for Debian, RHEL 8 and Ubuntu are expected because the rule currently appears only in RHEL 9 content.

@vojtapolasek vojtapolasek force-pushed the new_rule_account_password_pwquality_retry branch from 658c733 to 5d9294f Compare February 4, 2025 10:06
ggbecker
ggbecker requested changes Feb 4, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@ggbecker ggbecker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add this rule to RHEL10 STIG as well? through the SRG control files. I guess you can look where accounts_password_pam_retry is and then replace there as well.

@ggbecker ggbecker self-assigned this Feb 4, 2025
@vojtapolasek
Copy link
Copy Markdown
Collaborator Author

vojtapolasek commented Feb 4, 2025

@ggbecker done. However, it seems that the SRG combines several rules together, there are other rules not related to limiting password retries. However, I would not like to fix this in this particular PR.

ggbecker
ggbecker requested changes Feb 4, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@ggbecker ggbecker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check my inline comment

@vojtapolasek
Copy link
Copy Markdown
Collaborator Author

vojtapolasek commented Feb 4, 2025

Great catch. I am going to add it.

@qlty-cloud-legacy
Copy link
Copy Markdown

qlty-cloud-legacy Bot commented Feb 4, 2025

Code Climate has analyzed commit b206a22 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

@vojtapolasek @ggbecker
Update linux_os/guide/system/accounts/accounts-pam/password_quality/p…
71ed532 
…assword_quality_pwquality/accounts_password_pam_pwquality_retry/policy/stig/shared.yml

Co-authored-by: Gabriel Becker <ggasparb@redhat.com>
@ggbecker ggbecker merged commit f54cc7c into ComplianceAsCode:master Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggbecker ggbecker ggbecker approved these changes

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

Assignees

@ggbecker ggbecker

Labels

New Rule Issues or pull requests related to new Rules. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. Update Profile Issues or pull requests related to Profiles updates.

Projects

None yet

Milestone

0.1.76

Development

Successfully merging this pull request may close these issues.

2 participants

@vojtapolasek @ggbecker