Implement 5.3.3.2.7 Ensure password quality checking is enforced

ComplianceAsCode · Dec 19, 2024 · 74162df · 74162df
1 parent 154950a
commit 74162df
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -1987,8 +1987,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - var_password_pam_enforcing=1
+      - accounts_password_pam_enforcing
+    status: automated
 
   - id: 5.3.3.2.8
     title: Ensure password quality is enforced for the root user (Automated)

diff --git a/...-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml b/...-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
@@ -42,10 +42,19 @@ ocil: |-
 
 platform: package[pam]
 
+{{% if product == "ubuntu2404" %}}
+template:
+    name: accounts_password
+    vars:
+        variable: enforcing
+        operation: equals
+{{% else %}}
 template:
     name: "lineinfile"
     vars:
         text: "enforcing = 1"
         path: "/etc/security/pwquality.conf"
     oval_extend_definitions:
         - accounts_password_pam_pwquality
+{{% endif %}}
+