ghoneycutt / puppet-module-pam

Puppet module to manage PAM

REPEAT: /etc/pam.d/passwd for RHEL 7 #182

Closed linuxdan closed 5 years ago

linuxdan commented 6 years ago

DISA STIG for RHEL 7 calls for a non-default line in /etc/pam.d/passwd

RHEL-07-010119

https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2017-12-14/finding/V-73159

https://github.com/ghoneycutt/puppet-module-pam/issues/180 did not answer the issue. Changes to pam_password_lines propagate to /etc/pam.d/system-auth-ac.

I need /etc/pam.d/passwd

ghoneycutt commented 6 years ago

The STIG reads that you need to use 'pwquality'. This module puts those password lines in a different file from /etc/pam.d/passwd is all. Think they should be in /etc/pam.d/password-auth-ac or system-auth-ac.

linuxdan commented 6 years ago

From that stigviewer link:

cat /etc/pam.d/passwd | grep pam_pwquality

Nessus is looking for the line in /etc/pam.d/passwd.

But the OpenSCAP scanner is looking in /etc/pam.d/system-auth.

ghoneycutt commented 5 years ago

Hi,

Sounds like you need some symlinks set up to make this pass. I'm not sure where to go from here.
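
Added example, not part of the thread and not code from puppet-module-pam: the comments above describe one scanner grepping /etc/pam.d/passwd while another reads /etc/pam.d/system-auth, and this script reports whether a module is set directly in a service file or only reached through include/substack. The function names are hypothetical and the PAM files are a constructed sample modelled on a RHEL 7 layout.

```shell
# pam_find_module DIR SERVICE TYPE MODULE  (hypothetical helper, added example)
# Prints the file where MODULE is set for TYPE: SERVICE first, then its includes.
pam_find_module() (
    dir=$1; svc=$2; type=$3; mod=$4; depth=${5:-0}
    [ "$depth" -le 8 ] || exit 1              # stop on include loops
    [ -r "$dir/$svc" ] || exit 1
    awk -v t="$type" -v m="$mod" '
        { sub(/#.*/, "") }                     # drop comments
        NF < 3 { next }
        { ty = $1; sub(/^-/, "", ty) }         # "-password" is still type password
        ty != t { next }
        $2 == "include" || $2 == "substack" { inc[++n] = $3; next }
        index($0, m) { print "D", "-" }        # direct hits are emitted first
        END { for (i = 1; i <= n; i++) print "I", inc[i] }
    ' "$dir/$svc" | {
        while read -r kind target; do
            if [ "$kind" = D ]; then echo "$svc"; exit 0; fi
            pam_find_module "$dir" "$target" "$type" "$mod" $((depth + 1)) && exit 0
        done
        exit 1
    }
)

# Prints "direct", "via <file>" or "absent" for DIR SERVICE TYPE MODULE.
pam_module_status() {
    if hit=$(pam_find_module "$@"); then
        if [ "$hit" = "$2" ]; then echo direct; else echo "via $hit"; fi
    else
        echo absent
    fi
}

# Constructed sample tree modelled on a RHEL 7 layout (not from the issue).
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' \
        'auth       include    system-auth' \
        'password   substack   system-auth' > "$d/passwd"
    printf '%s\n' '#%PAM-1.0' \
        'password  requisite   pam_pwquality.so try_first_pass retry=3' \
        'password  sufficient  pam_unix.so sha512 shadow use_authtok' > "$d/system-auth-ac"
    ln -s system-auth-ac "$d/system-auth"
    echo "$d"
}
sample=$(make_sample_pamd)
for svc in passwd system-auth sshd; do
    printf '%-12s %s\n' "$svc" "$(pam_module_status "$sample" "$svc" password pam_pwquality.so)"
done
rm -rf "$sample"
```

A result of "via system-auth" for passwd is the case where a plain grep of /etc/pam.d/passwd finds nothing even though the module is in the effective password stack.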