Closed osullivanm-csi closed 1 year ago
When you say 'to pass', the control sets it to one or the other and the control calls for either. I'm not sure what you mean.
I am running a CIS CAT to assess compliance and it is failing because it isn't sha512. Just double checked CIS and the check is now:
"5.5.4 Ensure password hashing algorithm is SHA-512"
Ok, I didn't notice that there was a mismatch:
RHEL Enterprise 9 v1.0.0 : 5.5.4 - Ensure password hashing algorithm is SHA-512 or yescrypt
RHEL Enterprise 8 v2.0.0 : 5.5.4 - Ensure password hashing algorithm is SHA-512
Ubuntu 22.04 LTS v1.0.0 : 5.5.4 - Ensure password hashing algorithm is up to date with the latest standards (describes setting to yescrypt in the text)
I will change RHEL 8 to just SHA-512
Fixes are in dev branch
merged into master
password_hash_alg is set to 'yescrypt' but to pass it needs to be 'sha512'