[shawnw@ssg-rhel6-devbox checks]$ grep -rin deny_password_attempts_unlock ../
../system/accounts/pam.xml:442:<Rule id="deny_password_attempts_unlock_time"
severity="medium">
../auxiliary/stig_overlay.xml:1003: <overlay owner="disastig"
ruleid="deny_password_attempts_unlock_time" ownerid="RHEL-06-000356"
disa="47" severity="medium">
../profiles/nist-CL-IL-AL.xml:175:<select
idref="deny_password_attempts_unlock_time" selected="true" \>
../profiles/stig-rhel6-server-upstream.xml:96:<select
idref="deny_password_attempts_unlock_time" selected="true" />
../profiles/CSCF-RHEL6-MLS.xml:65:<select
idref="deny_password_attempts_unlock_time" selected="true" />
../profiles/fisma-medium-rhel6-server.xml:89:<select
idref="deny_password_attempts_unlock_time" selected="true" />
[shawnw@ssg-rhel6-devbox checks]$ sed -i
's/deny_password_attempts_unlock_time/accounts_passwords_pam_faillock_unlock_time/g'
../system/accounts/pam.xml ../auxiliary/* ../profiles/*
[shawnw@ssg-rhel6-devbox checks]$ grep -rin deny_password_attempts_unlock ../
Signed-off-by: Shawn Wells <shawn(a)redhat.com>
---
RHEL/6/input/auxiliary/stig_overlay.xml | 2 +-
RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml | 2 +-
.../6/input/profiles/fisma-medium-rhel6-server.xml | 2 +-
RHEL/6/input/profiles/nist-CL-IL-AL.xml | 2 +-
.../input/profiles/stig-rhel6-server-upstream.xml | 2 +-
RHEL/6/input/system/accounts/pam.xml | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/RHEL/6/input/auxiliary/stig_overlay.xml
b/RHEL/6/input/auxiliary/stig_overlay.xml
index 5465ef0..d6139ac 100644
--- a/RHEL/6/input/auxiliary/stig_overlay.xml
+++ b/RHEL/6/input/auxiliary/stig_overlay.xml
@@ -1000,7 +1000,7 @@
<VMSinfo VKey="38595" SVKey="50396" VRelease="1"
/>
<title>The system must be configured to require the use of a CAC, PIV compliant
hardware token, or Alternate Logon Token (ALT) for authentication.</title>
</overlay>
- <overlay owner="disastig"
ruleid="deny_password_attempts_unlock_time" ownerid="RHEL-06-000356"
disa="47" severity="medium">
+ <overlay owner="disastig"
ruleid="accounts_passwords_pam_faillock_unlock_time"
ownerid="RHEL-06-000356" disa="47" severity="medium">
<VMSinfo VKey="38592" SVKey="50393" VRelease="1"
/>
<title>The system must require administrator action to unlock an account locked
by excessive failed login attempts.</title>
</overlay>
diff --git a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
index 4757cf6..5485faf 100644
--- a/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
+++ b/RHEL/6/input/profiles/CSCF-RHEL6-MLS.xml
@@ -62,7 +62,7 @@ for production deployment.</description>
<select idref="cups_disable_browsing" selected="true" />
<select idref="cups_disable_printserver" selected="true" />
<select idref="deactivate_wireless_interfaces" selected="true"
/>
-<select idref="deny_password_attempts_unlock_time" selected="true"
/>
+<select idref="accounts_passwords_pam_faillock_unlock_time"
selected="true" />
<select idref="accounts_passwords_pam_faillock_deny"
selected="true" />
<select idref="accounts_passwords_pam_fail_interval"
selected="true" />
<select idref="dhcp_server_deny_bootp" selected="true" />
diff --git a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
index a1c4036..9e639f1 100644
--- a/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
+++ b/RHEL/6/input/profiles/fisma-medium-rhel6-server.xml
@@ -86,7 +86,7 @@
Delay pw prompt for 30min -->
<!-- TODO: PASSWORD PROMPT DELAY FOR 30min, possible?! -->
<refine-value idref="var_accounts_passwords_pam_faillock_unlock_time"
selector="604800"/>
-<select idref="deny_password_attempts_unlock_time" selected="true"
/>
+<select idref="accounts_passwords_pam_faillock_unlock_time"
selected="true" />
<!-- AC-8(a), AC-8(b), AC-8(c) -->
<refine-value idref="login_banner_text"
selector="usgcb_default"/>
diff --git a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
index fd2087e..4ce86e2 100644
--- a/RHEL/6/input/profiles/nist-CL-IL-AL.xml
+++ b/RHEL/6/input/profiles/nist-CL-IL-AL.xml
@@ -172,7 +172,7 @@ assurance."</description>
<select idref="accounts_passwords_pam_fail_interval"
selected="true" \>
<!-- AC-7(b) -->
-<select idref="deny_password_attempts_unlock_time" selected="true"
\>
+<select idref="accounts_passwords_pam_faillock_unlock_time"
selected="true" \>
<!-- AC-8(a), AC-8(c) -->
<select idref="set_system_login_banner" selected="true" \>
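Review bot: The renamed `<select>` on the new side still closes with `\>` instead of `/>`, as do the two context lines around it (`accounts_passwords_pam_fail_interval` and `set_system_login_banner`), so this stretch of nist-CL-IL-AL.xml is not well-formed XML. The grep output in the commit message shows the same `\>` at line 175, so the defect predates this rename, but the line is being touched anyway and should end `selected="true" />`. Whether this profile is part of the build is not visible here; if it is skipped or fails to parse, the account-lockout rule selected in it never reaches a generated benchmark, and a rename like this one cannot be validated for that file. The other `\>` terminators in the file need the same correction; the hunk shows only three of them.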
diff --git a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
index 0ef3c0a..9b01757 100644
--- a/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
+++ b/RHEL/6/input/profiles/stig-rhel6-server-upstream.xml
@@ -93,7 +93,7 @@ upstream project homepage is
https://fedorahosted.org/scap-security-guide/.
<select idref="display_login_attempts" selected="true" />
-<select idref="deny_password_attempts_unlock_time" selected="true"
/>
+<select idref="accounts_passwords_pam_faillock_unlock_time"
selected="true" />
<refine-value idref="var_accounts_passwords_pam_faillock_unlock_time"
selector="604800"/>
<select idref="accounts_passwords_pam_fail_interval"
selected="true" />
<refine-value idref="var_accounts_passwords_pam_faillock_fail_interval"
selector="900"/>
diff --git a/RHEL/6/input/system/accounts/pam.xml b/RHEL/6/input/system/accounts/pam.xml
index f8af660..feddbb6 100644
--- a/RHEL/6/input/system/accounts/pam.xml
+++ b/RHEL/6/input/system/accounts/pam.xml
@@ -439,7 +439,7 @@ prevents direct password guessing attacks.
<ref nist="AC-7(a)" disa="44" />
</Rule>
-<Rule id="deny_password_attempts_unlock_time"
severity="medium">
+<Rule id="accounts_passwords_pam_faillock_unlock_time"
severity="medium">
<title>Set Lockout Time For Failed Password Attempts</title>
<description>
To configure the system to lock out accounts after a number of incorrect login
--
1.7.1