content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

accounts_password_pam_retry is misaligned with DISA

Open jan-cerny opened this issue 1 year ago • 0 comments

Description of problem:

accounts_password_pam_retry is misaligned with DISA

Details:

The SSG's rule checks multiple locations and finds retry = 3 in /etc/security/pwquality.conf.

The DISA's rule checks only /etc/pam.d/system-auth.

Outcome:

SSG result: pass DISA result: fail

The issue is present in these test variants:

  • oscap
  • ansible

SCAP Security Guide Version:

Current upstream master as of 2024-03-12 as of HEAD cbbca44.

External Content's Version:

DISA STIG RHEL 9 V1R1

jan-cerny avatar Mar 13 '24 12:03 jan-cerny