[Open-scap] Open-scap-list Digest, Vol 55, Issue 15

Matthew simontek at gmail.com
Thu Oct 24 16:18:03 UTC 2013 

Tempted to try something.  Remove the spaces in it. Reading the scan files
now to see what it looks for exactly.
On Oct 24, 2013 12:02 PM, <open-scap-list-request at redhat.com> wrote:

> Send Open-scap-list mailing list submissions to
>         open-scap-list at redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.redhat.com/mailman/listinfo/open-scap-list
> or, via email, send a message with subject or body 'help' to
>         open-scap-list-request at redhat.com
>
> You can reach the person managing the list at
>         open-scap-list-owner at redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Open-scap-list digest..."
>
>
> Today's Topics:
>
>    1. issue with PASS_MIN_DAYS validation (wm-lists)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 24 Oct 2013 08:52:41 -0400
> From: wm-lists <wm-lists at nixpeeps.com>
> To: open-scap-list at redhat.com
> Subject: [Open-scap] issue with PASS_MIN_DAYS validation
> Message-ID:
>         <CAOAEVKL3pfvEy009cDxcSW=eAV2ZP8-X=
> F5rDoUUYtYC_PdaJQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I'm using scap-security-guide-0.1-12.el6.noarch as my source from
>
>
> http://people.redhat.com/swells/scap-security-guide/rpmbuild/src/redhat/RPMS/noarch/
>
> Running oscap xccdf eval --profile server
> /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
> Generates a failure for
> Title   Set Password Minimum Age
> Rule    password_min_age
> Ident   CCE-27013-2
> Result  fail
>
> Title   Set Password Maximum Age
> Rule    password_max_age
> Ident   CCE-26985-2
> Result  fail
>
> Title   Set Password Strength Minimum Uppercase Characters
> Rule    password_require_uppercases
> Ident   CCE-26601-5
> Result  fail
>
> Title   Set Password Strength Minimum Special Characters
> Rule    password_require_specials
> Ident   CCE-26409-3
> Result  fail
>
> Title   Set Password Strength Minimum Lowercase Characters
> Rule    password_require_lowercases
> Ident   CCE-26631-2
> Result  fail
>
> Among others.
> I have cracklib configured what I believe is correct (according to the CCE)
> # grep cracklib /etc/pam.d/system-auth-ac
> password    requisite     pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1
> lcredit=-1 difok=4 try_first_pass retry=3 minlen=14 type=
> # grep PASS /etc/login.defs
>
> PASS_MAX_DAYS   180
> PASS_MIN_DAYS   1
> PASS_MIN_LEN    14
> PASS_WARN_AGE   7
>
> Any help on what I might be missing here?
>
> Thanks!
> Will
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://www.redhat.com/archives/open-scap-list/attachments/20131024/46f609d3/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>
> End of Open-scap-list Digest, Vol 55, Issue 15
> **********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20131024/7fa72f09/attachment.htm>

More information about the Open-scap-list mailing list