The following patch: [1] https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=a38ece2...
added support for accounts_password_pam_cracklib_minclass OVAL check & corresponding remediation script.
But it got never used due to missing XCCDF definition. Therefore: 1) fix the accounts_password_pam_cracklib_minclass actual OVAL check implementation so it would be more aligned with existing accounts_password_* OVAL checks, 2) provide corresponding XCCDF definition for it & start using it.
Testing status: --------------- The change has been tested on RHEL-6 & works as expected (=> added the test_attestation timestamp into OVAL definition).
Please review.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
P.S.: Will have a look at the corresponding remediation script yet to see if any updates are needed.