|
 |
9be3b2 |
From 3d7b01a7fdc27f7e5a31ba508f7f84dab446aa4b Mon Sep 17 00:00:00 2001
|
|
|
9be3b2 |
From: Eduardo Barretto <eduardo.barretto@canonical.com>
|
|
|
9be3b2 |
Date: Wed, 16 Jun 2021 16:34:59 +0200
|
|
|
9be3b2 |
Subject: [PATCH 1/5] Add accounts_password_pam_dictcheck to UBTU-20-010056
|
|
|
9be3b2 |
|
|
|
9be3b2 |
---
|
|
|
9be3b2 |
products/ubuntu2004/profiles/stig.profile | 2 ++
|
|
|
9be3b2 |
1 file changed, 2 insertions(+)
|
|
|
9be3b2 |
|
|
|
9be3b2 |
diff --git a/products/ubuntu2004/profiles/stig.profile b/products/ubuntu2004/profiles/stig.profile
|
|
|
9be3b2 |
index 4d03bfe7ae..ac9685809c 100644
|
|
|
9be3b2 |
--- a/products/ubuntu2004/profiles/stig.profile
|
|
|
9be3b2 |
+++ b/products/ubuntu2004/profiles/stig.profile
|
|
|
9be3b2 |
@@ -113,6 +113,8 @@ selections:
|
|
|
9be3b2 |
- accounts_password_pam_ocredit
|
|
|
9be3b2 |
|
|
|
9be3b2 |
# UBTU-20-010056 The Ubuntu operating system must prevent the use of dictionary words for passwords.
|
|
|
9be3b2 |
+ - var_password_pam_dictcheck=1
|
|
|
9be3b2 |
+ - accounts_password_pam_dictcheck
|
|
|
9be3b2 |
|
|
|
9be3b2 |
# UBTU-20-010057 The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
|
|
|
9be3b2 |
- var_password_pam_retry=3
|
|
|
9be3b2 |
|
|
|
9be3b2 |
From 6c3c586a7fe27d68052428e02843c573f9cbd559 Mon Sep 17 00:00:00 2001
|
|
|
9be3b2 |
From: Eduardo Barretto <eduardo.barretto@canonical.com>
|
|
|
9be3b2 |
Date: Wed, 4 Aug 2021 18:11:48 +0200
|
|
|
9be3b2 |
Subject: [PATCH 2/5] Add ubuntu2004 to prodtype in
|
|
|
9be3b2 |
accounts_password_pam_dictcheck
|
|
|
9be3b2 |
|
|
|
9be3b2 |
---
|
|
|
9be3b2 |
.../accounts_password_pam_dictcheck/rule.yml | 2 +-
|
|
|
9be3b2 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9be3b2 |
|
|
|
9be3b2 |
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
index 2990150c0a..00da0397b0 100644
|
|
|
9be3b2 |
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
@@ -1,6 +1,6 @@
|
|
|
9be3b2 |
documentation_complete: true
|
|
|
9be3b2 |
|
|
|
9be3b2 |
-prodtype: fedora,rhel8
|
|
|
9be3b2 |
+prodtype: fedora,rhel8,ubuntu2004
|
|
|
9be3b2 |
|
|
|
9be3b2 |
title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words'
|
|
|
9be3b2 |
|
|
|
9be3b2 |
|
|
|
9be3b2 |
From b523676430765ab7fff09f790618f091d3f916e2 Mon Sep 17 00:00:00 2001
|
|
|
9be3b2 |
From: Eduardo Barretto <eduardo.barretto@canonical.com>
|
|
|
9be3b2 |
Date: Wed, 4 Aug 2021 18:12:59 +0200
|
|
|
9be3b2 |
Subject: [PATCH 4/5] Add stigid@ubuntu2004 to accounts_password_pam_dictcheck
|
|
|
9be3b2 |
|
|
|
9be3b2 |
---
|
|
|
9be3b2 |
.../accounts_password_pam_dictcheck/rule.yml | 1 +
|
|
|
9be3b2 |
1 file changed, 1 insertion(+)
|
|
|
9be3b2 |
|
|
|
9be3b2 |
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
index bae2db25fe..226329d752 100644
|
|
|
9be3b2 |
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
@@ -29,6 +29,7 @@ references:
|
|
|
9be3b2 |
nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4)
|
|
|
9be3b2 |
srg: SRG-OS-000480-GPOS-00225
|
|
|
9be3b2 |
stigid@rhel8: RHEL-08-020300
|
|
|
9be3b2 |
+ stigid@ubuntu2004: UBTU-20-010056
|
|
|
9be3b2 |
|
|
|
9be3b2 |
ocil_clause: 'dictcheck is not found or not equal to the required value'
|
|
|
9be3b2 |
|
|
|
9be3b2 |
|
|
|
9be3b2 |
From 39973c39ea17fb13730f1bef239783464c1b4b01 Mon Sep 17 00:00:00 2001
|
|
|
9be3b2 |
From: Eduardo Barretto <eduardo.barretto@canonical.com>
|
|
|
9be3b2 |
Date: Wed, 4 Aug 2021 18:13:16 +0200
|
|
|
9be3b2 |
Subject: [PATCH 5/5] Add pam platform to accounts_password_pam_dictcheck
|
|
|
9be3b2 |
|
|
|
9be3b2 |
---
|
|
|
9be3b2 |
.../accounts_password_pam_dictcheck/rule.yml | 1 +
|
|
|
9be3b2 |
1 file changed, 1 insertion(+)
|
|
|
9be3b2 |
|
|
|
9be3b2 |
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
index 226329d752..d0d4b8c5c5 100644
|
|
|
9be3b2 |
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
|
|
|
9be3b2 |
@@ -39,6 +39,7 @@ ocil: |-
|
|
|
9be3b2 |
The <tt>dictcheck</tt> parameter should be equal to 1. The value should look like
|
|
|
9be3b2 |
dictcheck=1
|
|
|
9be3b2 |
|
|
|
9be3b2 |
+platform: pam
|
|
|
9be3b2 |
|
|
|
9be3b2 |
template:
|
|
|
9be3b2 |
name: accounts_password
|