From 74209dd7becf11c27a7259dd7f235a4815f9f33b Mon Sep 17 00:00:00 2001 From: rchikov Date: Thu, 8 Jun 2023 16:27:20 +0200 Subject: [PATCH] Update of anssi profile for SLE 12/15 --- .../set_password_hashing_min_rounds_logindefs/rule.yml | 1 + .../accounts_password_pam_unix_rounds_password_auth/rule.yml | 2 +- .../accounts_password_pam_unix_rounds_system_auth/rule.yml | 2 +- products/sle12/profiles/anssi_bp28_enhanced.profile | 3 +++ products/sle12/profiles/anssi_bp28_high.profile | 3 +++ products/sle12/profiles/anssi_bp28_intermediary.profile | 3 +++ products/sle12/profiles/anssi_bp28_minimal.profile | 3 +++ products/sle15/profiles/anssi_bp28_enhanced.profile | 3 +++ products/sle15/profiles/anssi_bp28_high.profile | 3 +++ products/sle15/profiles/anssi_bp28_intermediary.profile | 3 +++ products/sle15/profiles/anssi_bp28_minimal.profile | 3 +++ 11 files changed, 27 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml index de303199d5d..9a490a8beab 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml @@ -31,6 +31,7 @@ identifiers: cce@sle15: CCE-85567-6 references: + anssi: BP28(R68) disa: CCI-000196,CCI-000803 nist@sle12: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1 srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml index ccb351ac3fb..f2932075534 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml @@ -37,7 +37,7 @@ identifiers: cce@sle15: CCE-91173-5 references: - anssi: BP28(R32) + anssi: BP28(R68) disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml index cbf23b9675d..c2c92fd71a5 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml @@ -31,7 +31,7 @@ identifiers: cce@sle15: CCE-91172-7 references: - anssi: BP28(R32) + anssi: BP28(R68) disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 diff --git a/products/sle12/profiles/anssi_bp28_enhanced.profile b/products/sle12/profiles/anssi_bp28_enhanced.profile index f255b5503c9..4cfa201707b 100644 --- a/products/sle12/profiles/anssi_bp28_enhanced.profile +++ b/products/sle12/profiles/anssi_bp28_enhanced.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle12/profiles/anssi_bp28_high.profile b/products/sle12/profiles/anssi_bp28_high.profile index 92fb8c97963..a10a9af8193 100644 --- a/products/sle12/profiles/anssi_bp28_high.profile +++ b/products/sle12/profiles/anssi_bp28_high.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle12/profiles/anssi_bp28_intermediary.profile b/products/sle12/profiles/anssi_bp28_intermediary.profile index 74fda0bdc6d..f27cb77cc96 100644 --- a/products/sle12/profiles/anssi_bp28_intermediary.profile +++ b/products/sle12/profiles/anssi_bp28_intermediary.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle12/profiles/anssi_bp28_minimal.profile b/products/sle12/profiles/anssi_bp28_minimal.profile index 9b1c5b2a54c..a151599badf 100644 --- a/products/sle12/profiles/anssi_bp28_minimal.profile +++ b/products/sle12/profiles/anssi_bp28_minimal.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle15/profiles/anssi_bp28_enhanced.profile b/products/sle15/profiles/anssi_bp28_enhanced.profile index f255b5503c9..4cfa201707b 100644 --- a/products/sle15/profiles/anssi_bp28_enhanced.profile +++ b/products/sle15/profiles/anssi_bp28_enhanced.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle15/profiles/anssi_bp28_high.profile b/products/sle15/profiles/anssi_bp28_high.profile index 92fb8c97963..a10a9af8193 100644 --- a/products/sle15/profiles/anssi_bp28_high.profile +++ b/products/sle15/profiles/anssi_bp28_high.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle15/profiles/anssi_bp28_intermediary.profile b/products/sle15/profiles/anssi_bp28_intermediary.profile index 74fda0bdc6d..f27cb77cc96 100644 --- a/products/sle15/profiles/anssi_bp28_intermediary.profile +++ b/products/sle15/profiles/anssi_bp28_intermediary.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs diff --git a/products/sle15/profiles/anssi_bp28_minimal.profile b/products/sle15/profiles/anssi_bp28_minimal.profile index 9b1c5b2a54c..a151599badf 100644 --- a/products/sle15/profiles/anssi_bp28_minimal.profile +++ b/products/sle15/profiles/anssi_bp28_minimal.profile @@ -26,3 +26,6 @@ selections: - var_multiple_time_servers=suse - var_multiple_time_pools=suse - var_sudo_dedicated_group=default + - '!accounts_password_pam_unix_rounds_system_auth' + - '!accounts_password_pam_unix_rounds_password_auth' + - set_password_hashing_min_rounds_logindefs