content accounts_password_set_max_life_existing is misaligned with DISA

accounts_password_set_max_life_existing is misaligned with DISA

Open comps opened this issue 2 years ago • 3 comments

Description of problem:

disa-content-alignment-remediations Ansible
disa-content-alignment-remediations Ansible (GUI)
disa-content-alignment-remediations Bash
disa-content-alignment-remediations Bash (GUI)

fail with

Misalignments not passing after waiving:
  CCE-82473-0 CCI-000199 - SV-230367r627750_rule accounts_password_set_max_life_existing                                    pass - fail

SCAP Security Guide Version:

master as of 2023-01-16

Operating System Version:

RHEL-8.8

Steps to Reproduce:

compare_results.py ssg-stig-viewer.xml disa-xccdf-arf-results.xml

Jan 18 '23 14:01 comps

This is an issue with DISA's SCAP that has been reported to them already.

The test needs to have its check_existence changed to any_exist, as it is failing if there is no user with UID >= 1000. And, a colon needs to be added to avoid matching a substring of another user. Example, adm and admin users.

fix_RHEL-08-020210-SV-230367r627750_rule.diff.txt

Jan 26 '23 13:01 yuumasato

This was first noted on disa-stig-rhel8-v1r5-xccdf-scap.xml and as of disa-stig-rhel8-v1r8-xccdf-scap.xml, has not been fixed yet.

Jan 26 '23 13:01 yuumasato

This issue still exists in disa-stig-rhel8-v1r10-xccdf-scap.xml.

Aug 10 '23 18:08 Mab879

content content copied to clipboard

accounts_password_set_max_life_existing is misaligned with DISA

Description of problem:

SCAP Security Guide Version:

Operating System Version:

Steps to Reproduce:

content
content copied to clipboard