(please indicate if you need someone to push for you) ?
not quite sure what you mean, so that's probably a yes...
On Tue, Aug 5, 2014 at 6:35 PM, Shawn Wells <shawn(a)redhat.com> wrote:
On 8/1/14, 4:35 PM, Jeremiah Jahn wrote:
>
> not just sufficient?
>
> diff --git a/shared/oval/set_password_hashing_algorithm_systemauth.xml
> b/shared/oval/set_password_hashing_algorithm_systemauth.xml
> index 8a5525e..2d71e8b 100644
> --- a/shared/oval/set_password_hashing_algorithm_systemauth.xml
> +++ b/shared/oval/set_password_hashing_algorithm_systemauth.xml
> @@ -20,7 +20,7 @@
>
> <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth
> for correct settings" id="object_pam_unix_sha512"
version="1">
> <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
> - <ind:pattern operation="pattern
>
>
match">^[\s]*password[\s]+sufficient[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
> + <ind:pattern operation="pattern
>
>
match">^[\s]*password[\s]+(?:(?:required)|(?:sufficient))[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
> <ind:instance datatype="int">1</ind:instance>
> </ind:textfilecontent54_object>
Yes, absolutely. Ack
(please indicate if you need someone to push for you)
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/