From d09b82de682756213c96b396abb0c912bea32a2b Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 26 Aug 2020 17:50:57 +0200
Subject: [PATCH 1/4] unify bash remediations
---
.../accounts_maximum_age_login_defs/bash/fedora.sh | 11 -----------
.../accounts_maximum_age_login_defs/bash/shared.sh | 2 +-
2 files changed, 1 insertion(+), 12 deletions(-)
delete mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/fedora.sh
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/fedora.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/fedora.sh
deleted file mode 100644
index ef664f1a64..0000000000
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/fedora.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-# platform = multi_platform_fedora
-. /usr/share/scap-security-guide/remediation_functions
-declare var_accounts_maximum_age_login_defs
-populate var_accounts_maximum_age_login_defs
-
-grep -q ^PASS_MAX_DAYS /etc/login.defs && \
-sed -i "s/PASS_MAX_DAYS.*/PASS_MAX_DAYS\t$var_accounts_maximum_age_login_defs/g" /etc/login.defs
-if ! [ $? -eq 0 ]
-then
- echo -e "PASS_MAX_DAYS\t$var_accounts_maximum_age_login_defs" >> /etc/login.defs
-fi
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh
index 494e04abb9..9c61548d3a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora
. /usr/share/scap-security-guide/remediation_functions
populate var_accounts_maximum_age_login_defs
From 041017588bf29a3f84024ab2dd4928624dfbf82e Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 26 Aug 2020 17:51:19 +0200
Subject: [PATCH 2/4] fix regex in oval check
---
.../accounts_maximum_age_login_defs/oval/shared.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/oval/shared.xml
index cd79ca81b5..27649723ac 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/oval/shared.xml
@@ -22,6 +22,6 @@
<ind:filepath>/etc/login.defs</ind:filepath>
- <ind:pattern operation="pattern match">.*\n[^#]*(PASS_MAX_DAYS\s+\d+)\s*\n</ind:pattern>
+ <ind:pattern operation="pattern match">^(?:.*\n)*\s*[^#]*(PASS_MAX_DAYS\s+\d+)\s*\n</ind:pattern>
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
</ind:textfilecontent54_object>
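Review bot: The new pattern still lets arbitrary text precede the keyword: `[^#]*` excludes only `#`, so it matches any other characters (newlines included), and a line such as `OTHER_PASS_MAX_DAYS 30` would be captured as if it were the directive. Assuming login.defs allows only whitespace before a directive name, I would replace `\s*[^#]*` with `[ \t]*` and keep the separators on one line, giving `^(?:.*\n)*[ \t]*(PASS_MAX_DAYS[ \t]+\d+)[ \t]*\n`. The two open-ended quantifiers in a row (`(?:.*\n)*` followed by `[^#]*`) also overlap, which looks like it could cost a lot of backtracking on a large file with no match; the tighter form avoids that. The closing `\n` means a final line without a trailing newline is never matched, which deserves a short comment next to the pattern if it is intended.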
From 6120e191d15b5869e6f95bea8c0a6e9de4e3e6fc Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Wed, 26 Aug 2020 17:51:37 +0200
Subject: [PATCH 3/4] add tests
---
.../tests/commented_standard.fail.sh | 5 +++++
.../tests/commented_stig.fail.sh | 5 +++++
.../tests/correct_standard.pass.sh | 5 +++++
.../tests/correct_stig.pass.sh | 5 +++++
.../tests/incorrect_standard.fail.sh | 5 +++++
.../tests/incorrect_stig.fail.sh | 5 +++++
6 files changed, 30 insertions(+)
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_stig.fail.sh
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_stig.pass.sh
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh
create mode 100644 linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_stig.fail.sh
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh
new file mode 100644
index 0000000000..84301cc031
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_standard
+
+rm -f /etc/login.defs
+echo '#PASS_MAX_DAYS 90' > /etc/login.defs
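Review bot: Every scenario added in this patch writes a one-line /etc/login.defs, so nothing exercises the `^(?:.*\n)*` prefix that patch 2/4 put in front of the OVAL pattern; this applies equally to commented_stig.fail.sh, the two correct_*.pass.sh files and the two incorrect_*.fail.sh files below. I would add multi-line scenarios, for instance a `.fail.sh` whose body is `printf 'PASS_MAX_DAYS 60\nPASS_MAX_DAYS 120\n' > /etc/login.defs`, and a `.pass.sh` that keeps a commented `#PASS_MAX_DAYS 120` after a compliant active line, assuming the last active occurrence is the one meant to count. A one-line comment at the top of each file stating the expectation, e.g. `# a commented-out directive must not satisfy the rule`, would make the intent of each case clear to the next maintainer.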
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_stig.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_stig.fail.sh
new file mode 100644
index 0000000000..8ab4879dda
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_stig.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_stig
+
+rm -f /etc/login.defs
+echo '#PASS_MAX_DAYS 60' > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh
new file mode 100644
index 0000000000..989cf596d6
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_standard
+
+rm -f /etc/login.defs
+echo "PASS_MAX_DAYS 90" > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_stig.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_stig.pass.sh
new file mode 100644
index 0000000000..172cc4841d
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_stig.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_stig
+
+rm -f /etc/login.defs
+echo "PASS_MAX_DAYS 60" > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh
new file mode 100644
index 0000000000..4556ef09d5
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_standard
+
+rm -f /etc/login.defs
+echo "PASS_MAX_DAYS 120" > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_stig.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_stig.fail.sh
new file mode 100644
index 0000000000..d079467f2d
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_stig.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_stig
+
+rm -f /etc/login.defs
+echo "PASS_MAX_DAYS 120" > /etc/login.defs
From c3dfc4148e2136ce74e1c59cd66ade7e540b51b3 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Tue, 1 Sep 2020 14:46:23 +0200
Subject: [PATCH 4/4] change platform of some tests to fedora
---
...mented_standard.fail.sh => commented_standard_fedora.fail.sh} | 1 +
...{correct_standard.pass.sh => correct_standard_fedora.pass.sh} | 1 +
...orrect_standard.fail.sh => incorrect_standard_fedora.fail.sh} | 1 +
3 files changed, 3 insertions(+)
rename linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/{commented_standard.fail.sh => commented_standard_fedora.fail.sh} (79%)
rename linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/{correct_standard.pass.sh => correct_standard_fedora.pass.sh} (79%)
rename linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/{incorrect_standard.fail.sh => incorrect_standard_fedora.fail.sh} (79%)
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard_fedora.fail.sh
similarity index 79%
rename from linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh
rename to linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard_fedora.fail.sh
index 84301cc031..0add08ec19 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/commented_standard_fedora.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_standard
+# platform = multi_platform_fedora
rm -f /etc/login.defs
echo '#PASS_MAX_DAYS 90' > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard_fedora.pass.sh
similarity index 79%
rename from linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh
rename to linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard_fedora.pass.sh
index 989cf596d6..7fd75139c8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/correct_standard_fedora.pass.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_standard
+# platform = multi_platform_fedora
rm -f /etc/login.defs
echo "PASS_MAX_DAYS 90" > /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard_fedora.fail.sh
similarity index 79%
rename from linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh
rename to linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard_fedora.fail.sh
index 4556ef09d5..b4f647c324 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/tests/incorrect_standard_fedora.fail.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_standard
+# platform = multi_platform_fedora
rm -f /etc/login.defs
echo "PASS_MAX_DAYS 120" > /etc/login.defs