|
 |
9e17c9 |
From 4ef59d44355179b6450ac493d4417a8b29d8ccf1 Mon Sep 17 00:00:00 2001
|
|
|
9e17c9 |
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
|
9e17c9 |
Date: Fri, 5 Aug 2022 11:45:15 +0200
|
|
|
9e17c9 |
Subject: [PATCH 1/4] fix ospp references
|
|
|
f386a0 |
|
|
|
f386a0 |
---
|
|
|
f386a0 |
linux_os/guide/system/accounts/enable_authselect/rule.yml | 1 +
|
|
|
9e17c9 |
1 file changed, 1 insertion(+)
|
|
|
f386a0 |
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
|
|
9e17c9 |
index c151d3c4aa1..f9b46c51ddd 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
|
|
f386a0 |
+++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
|
|
f386a0 |
@@ -34,6 +34,7 @@ references:
|
|
|
f386a0 |
disa: CCI-000213
|
|
|
f386a0 |
hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) # taken from require_singleuser_auth
|
|
|
f386a0 |
nist: AC-3
|
|
|
f386a0 |
+ ospp: FIA_UAU.1,FIA_AFL.1
|
|
|
f386a0 |
srg: SRG-OS-000480-GPOS-00227
|
|
|
f386a0 |
|
|
|
f386a0 |
ocil: |-
|
|
|
9e17c9 |
|
|
|
9e17c9 |
From 05a0414b565097c155d0c4a1696d8c4f2da91298 Mon Sep 17 00:00:00 2001
|
|
|
9e17c9 |
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
|
9e17c9 |
Date: Fri, 5 Aug 2022 11:45:42 +0200
|
|
|
9e17c9 |
Subject: [PATCH 2/4] change authselect profile to minimal in rhel9 ospp
|
|
|
9e17c9 |
|
|
|
9e17c9 |
---
|
|
|
9e17c9 |
products/rhel9/profiles/ospp.profile | 2 +-
|
|
|
9e17c9 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9e17c9 |
|
|
|
f386a0 |
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
|
|
|
9e17c9 |
index b47630c62b0..dcc41970043 100644
|
|
|
f386a0 |
--- a/products/rhel9/profiles/ospp.profile
|
|
|
f386a0 |
+++ b/products/rhel9/profiles/ospp.profile
|
|
|
f386a0 |
@@ -115,7 +115,7 @@ selections:
|
|
|
f386a0 |
- coredump_disable_storage
|
|
|
f386a0 |
- coredump_disable_backtraces
|
|
|
f386a0 |
- service_systemd-coredump_disabled
|
|
|
f386a0 |
- - var_authselect_profile=sssd
|
|
|
f386a0 |
+ - var_authselect_profile=minimal
|
|
|
f386a0 |
- enable_authselect
|
|
|
f386a0 |
- use_pam_wheel_for_su
|
|
|
f386a0 |
|
|
|
9e17c9 |
|
|
|
9e17c9 |
From 350135aa0c49a8a383103f88034acbb3925bb556 Mon Sep 17 00:00:00 2001
|
|
|
9e17c9 |
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
|
9e17c9 |
Date: Fri, 5 Aug 2022 11:45:54 +0200
|
|
|
9e17c9 |
Subject: [PATCH 3/4] change authselect profile to minimal in rhel8 ospp
|
|
|
9e17c9 |
|
|
|
9e17c9 |
---
|
|
|
9e17c9 |
products/rhel8/profiles/ospp.profile | 2 +-
|
|
|
9e17c9 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9e17c9 |
|
|
|
9e17c9 |
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
|
|
|
9e17c9 |
index 39ad1797c7a..ebec8a3a6f9 100644
|
|
|
9e17c9 |
--- a/products/rhel8/profiles/ospp.profile
|
|
|
9e17c9 |
+++ b/products/rhel8/profiles/ospp.profile
|
|
|
9e17c9 |
@@ -220,7 +220,7 @@ selections:
|
|
|
9e17c9 |
- var_accounts_max_concurrent_login_sessions=10
|
|
|
9e17c9 |
- accounts_max_concurrent_login_sessions
|
|
|
9e17c9 |
- securetty_root_login_console_only
|
|
|
9e17c9 |
- - var_authselect_profile=sssd
|
|
|
9e17c9 |
+ - var_authselect_profile=minimal
|
|
|
9e17c9 |
- enable_authselect
|
|
|
9e17c9 |
- var_password_pam_unix_remember=5
|
|
|
9e17c9 |
- accounts_password_pam_unix_remember
|
|
|
9e17c9 |
|
|
|
9e17c9 |
From 9d6014242b3fcda06b38ac35d73d5d4df75313a3 Mon Sep 17 00:00:00 2001
|
|
|
9e17c9 |
From: Vojtech Polasek <vpolasek@redhat.com>
|
|
|
9e17c9 |
Date: Fri, 5 Aug 2022 13:55:05 +0200
|
|
|
9e17c9 |
Subject: [PATCH 4/4] update profile stability test
|
|
|
9e17c9 |
|
|
|
9e17c9 |
---
|
|
|
9e17c9 |
tests/data/profile_stability/rhel8/ospp.profile | 2 +-
|
|
|
9e17c9 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9e17c9 |
|
|
|
f386a0 |
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
9e17c9 |
index 5d73a8c6fef..21e93e310d5 100644
|
|
|
f386a0 |
--- a/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
f386a0 |
+++ b/tests/data/profile_stability/rhel8/ospp.profile
|
|
|
f386a0 |
@@ -242,7 +242,7 @@ selections:
|
|
|
f386a0 |
- var_slub_debug_options=P
|
|
|
f386a0 |
- var_auditd_flush=incremental_async
|
|
|
f386a0 |
- var_accounts_max_concurrent_login_sessions=10
|
|
|
f386a0 |
-- var_authselect_profile=sssd
|
|
|
f386a0 |
+- var_authselect_profile=minimal
|
|
|
f386a0 |
- var_password_pam_unix_remember=5
|
|
|
f386a0 |
- var_selinux_state=enforcing
|
|
|
f386a0 |
- var_selinux_policy_name=targeted
|