From 74162df1a93a5eda9f8bb55697662e1f46e41268 Mon Sep 17 00:00:00 2001
From: Alan Moore
Date: Thu, 19 Dec 2024 12:02:30 +0000
Subject: [PATCH] Implement 5.3.3.2.7 Ensure password quality checking is enforced
---
 controls/cis_ubuntu2404.yml | 6 ++++--
 .../accounts_password_pam_enforcing/rule.yml | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index c5e6165719f..71301316e27 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -1987,8 +1987,10 @@ controls:
 levels:
 - l1_server
 - l1_workstation
- status: planned
- notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+ rules:
+ - var_password_pam_enforcing=1
+ - accounts_password_pam_enforcing
+ status: automated
 - id: 5.3.3.2.8
 title: Ensure password quality is enforced for the root user (Automated)
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
index ef9eba31a61..df8dcbb8d9f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
@@ -42,6 +42,13 @@ ocil: |-
 platform: package[pam]
+{{% if product == "ubuntu2404" %}}
+template:
+ name: accounts_password
+ vars:
+ variable: enforcing
+ operation: equals
+{{% else %}}
 template:
 name: "lineinfile"
 vars:
@@ -49,3 +56,5 @@ template:
 path: "/etc/security/pwquality.conf"
 oval_extend_definitions:
 - accounts_password_pam_pwquality
+{{% endif %}}
+
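Review bot: In controls/cis_ubuntu2404.yml the new `rules:` list for 5.3.3.2.7 selects `var_password_pam_enforcing=1`, but this patch changes only two files and adds no definition for that variable. If `var_password_pam_enforcing` with a `1` option is not already defined elsewhere in the tree, the profile selection will not resolve, so please confirm it exists or add it in the same commit. A one-line comment above the entry would also help auditors, for example `# enforcing=1: pam_pwquality rejects a failing password instead of only warning`. The control entry's `id` and `title` lie above the hunk, so the rest of the entry was not reviewed here.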
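Review bot: The ubuntu2404 branch added to accounts_password_pam_enforcing/rule.yml (hunk `@@ -42,6 +42,13 @@`) has no counterpart to the `oval_extend_definitions: - accounts_password_pam_pwquality` entry that the `lineinfile` branch keeps in the following hunk. Unless the `accounts_password` template itself checks that pam_pwquality is present in the PAM stack, a host with `enforcing = 1` in pwquality.conf but no pam_pwquality line could pass this rule while nothing is enforced. Please confirm the template covers that, and also whether it evaluates pwquality.conf.d drop-ins and an `enforcing=0` argument on the pam_pwquality line, since either can override the main file. The rule's description, OCIL and remediation text sit above the hunk and may still describe only `/etc/security/pwquality.conf`, so they should be checked against the ubuntu2404 behaviour as well.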