Add GH Action to check if there is a change in Ansible shell module u… #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Activate some rules that were previously disabled due to an incompatible prodtype.
Add some rules that were previously disabled due to prodtype.
Add some rules that were previously disabled due to prodtype.
Add some rules that were previously disabled due to prodtype.
…rd_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
…rd_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
…rd_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
…ng_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
Co-authored-by: Marcus Burghardt <2074099+marcusburghardt@users.noreply.github.com>
rewrite accounts_passwords_pam_faillock_interval and accounts_passwords_pam_faillock_unlock_time to use this new template.
pam_account_password_faillock template
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
mildas
force-pushed
the
ansible_shell_diff
branch
2 times, most recently
from
4988204 to
1a7ce14
Compare
mildas
force-pushed
the
ansible_shell_diff
branch
3 times, most recently
from
2f22386 to
4426867
Compare
|
Change in Ansible Please consider using more suitable Ansible module than |
…dabot/github_actions/JamesIves/github-pages-deploy-action-4.6.1 Bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.1
mildas
force-pushed
the
ansible_shell_diff
branch
from
4426867 to
7d477c5
Compare
…-prodtype-debian12 update debian12 anssi bp28 minimal profile
mildas
force-pushed
the
ansible_shell_diff
branch
from
7d477c5 to
112e46a
Compare
|
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember' differs.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember
@@ -2,6 +2,10 @@
if rpm --quiet -q pam; then
var_password_pam_unix_remember=''
+
+
+
+
if [ -f /usr/bin/authselect ]; then
OVAL for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval' differs.
--- oval:ssg-accounts_passwords_pam_faillock_interval:def:1
+++ oval:ssg-accounts_passwords_pam_faillock_interval:def:1
@@ -1,19 +1,19 @@
criteria AND
criteria AND
criteria AND
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_system_pam_unix_auth:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_password_pam_unix_auth:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system_pam_unix_auth:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password_pam_unix_auth:tst:1
criteria AND
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_system_pam_faillock_auth:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_system_pam_faillock_account:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_password_pam_faillock_auth:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_password_pam_faillock_account:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system_pam_faillock_auth:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system_pam_faillock_account:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password_pam_faillock_auth:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password_pam_faillock_account:tst:1
criteria OR
criteria AND
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_pamd_system:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_pamd_password:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_no_faillock_conf:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_pamd_system:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_pamd_password:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_no_faillock_conf:tst:1
criteria AND
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_no_pamd_system:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_no_pamd_password:tst:1
-criterion oval:ssg-test_accounts_passwords_pam_faillock_interval_parameter_faillock_conf:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_no_pamd_system:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_no_pamd_password:tst:1
+criterion oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_parameter_faillock_conf:tst:1
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth
@@ -10,8 +10,10 @@
In file /etc/pam.d/password-auth append rounds='xccdf_org.ssgproject.content_value_var_password_pam_unix_rounds'
to the pam_unix.so entry, as shown below:
+
password sufficient pam_unix.so ...existing_options... rounds='xccdf_org.ssgproject.content_value_var_password_pam_unix_rounds'
+
The system's default number of rounds is 5000.
[warning]:
OCIL for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_password_auth' differs.
--- ocil:ssg-accounts_password_pam_unix_rounds_password_auth_ocil:questionnaire:1
+++ ocil:ssg-accounts_password_pam_unix_rounds_password_auth_ocil:questionnaire:1
@@ -1,6 +1,7 @@
To verify the number of rounds for the password hashing algorithm is configured, run the following command:
$ sudo grep rounds /etc/pam.d/password-auth
The output should show the following match:
+
password sufficient pam_unix.so sha512 rounds=
Is it the case that rounds is not set to <sub idref="var_password_pam_unix_rounds" /> or is commented out?
|
mildas
force-pushed
the
ansible_shell_diff
branch
from
112e46a to
c91216e
Compare
mildas
force-pushed
the
ansible_shell_diff
branch
from
c91216e to
78f77a5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…sage
Description:
Rationale:
Rationale here. Replace this text. Don't use the italics format!
Fixes # Issue number here (e.g. Updating sysctl XCCDF naming ComplianceAsCode/content#26) or remove this line if no issue exists.
Review Hints:
Review hints here. Replace this text. Don't use the italics format!
Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.
Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.