content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA

Open jan-cerny opened this issue 1 year ago • 0 comments

Description of problem:

accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA

Details:

The SSG's rule allows to set the remember option also in /etc/security/pwhistory.conf and it prefers this file path.

The DISA's rule requires to set this option directly in /etc/pam.d/system-auth, it doesn't check /etc/security/pwhistory.conf.

Outcome:

SSG result: pass DISA result: fail

The issue is present in these test variants:

  • oscap
  • ansible
  • anaconda

SCAP Security Guide Version:

Current upstream master as of 2024-03-12 as of HEAD cbbca44.

External Content's Version:

DISA STIG RHEL 9 V1R1

jan-cerny avatar Mar 13 '24 10:03 jan-cerny