Enforce explicit setting in password-auth #11742

jan-cerny · 2024-03-21T14:38:01Z

The rule passes if the rounds option isn't set but the profile uses a value that equals to system default value. This will no longer be possible. We will always require rounds to be set explicitly. The reason is to align the rule with DISA STIG.

The commit also updates the test scenarios to fail if the rounds isn't set and system default is used.

Fixes: #11696

The rule passes if the rounds option isn't set but the profile uses a value that equals to system default value. This will no longer be possible. We will always require rounds to be set explicitly. The reason is to align the rule with DISA STIG. The commit also updates the test scenarios to fail if the rounds isn't set and system default is used. Fixes: ComplianceAsCode#11696

github-actions · 2024-03-21T14:39:44Z

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

github-actions · 2024-03-21T14:42:51Z

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

OVAL for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth' differs.
--- oval:ssg-accounts_password_pam_unix_rounds_password_auth:def:1
+++ oval:ssg-accounts_password_pam_unix_rounds_password_auth:def:1
@@ -1,5 +1,2 @@
 criteria OR
 criterion oval:ssg-test_password_auth_pam_unix_rounds_is_set:tst:1
-criteria AND
-criterion oval:ssg-test_password_auth_pam_unix_rounds_is_default:tst:1
-criterion oval:ssg-test_password_auth_default_pam_unix_rounds_var:tst:1

github-actions · 2024-03-21T14:43:47Z

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11742
This image was built from commit: 2213049

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11742

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11742 make deploy-local

codeclimate · 2024-03-21T14:53:30Z

Code Climate has analyzed commit 2213049 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.3% (0.0% change).

View more on Code Climate.

Mab879

LGTM.

jan-cerny added bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. STIG STIG Benchmark related. labels Mar 21, 2024

jan-cerny added this to the 0.1.73 milestone Mar 21, 2024

Mab879 self-assigned this Mar 21, 2024

Mab879 approved these changes Mar 21, 2024

View reviewed changes

Mab879 merged commit a4fdc74 into ComplianceAsCode:master Mar 21, 2024
44 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enforce explicit setting in password-auth #11742

Enforce explicit setting in password-auth #11742

jan-cerny commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

codeclimate bot commented Mar 21, 2024

Mab879 left a comment

Enforce explicit setting in password-auth #11742

Enforce explicit setting in password-auth #11742

Conversation

jan-cerny commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

github-actions bot commented Mar 21, 2024

codeclimate bot commented Mar 21, 2024

Mab879 left a comment

Choose a reason for hiding this comment