V-71961 Incorrect RegEx

simp / inspec-profile-disa_stig-el7

InSpec Profile for the EL7 DISA STIG

Apache License 2.0

22 stars 46 forks source link

V-71961 Incorrect RegEx #61

Closed Bialogs closed 4 years ago

Bialogs commented 5 years ago

V-71961 uses the Regex /^\s*password_pbkdf2\s+#{user}/ to examine user.cfg files. However, the syntax of user.cfg files are typically GRUB2_PASSWORD=grub.pbkdf2.$digest etc.

Also, I'm not sure if any additional superusers are allowed per this requirement? The way the STIG reads it seems like other superusers besides root are not allowed.

trevor-vaughan commented 5 years ago

Yes on the regex change and agreed that only one superuser should be allowed. That said, root is an arbitrary name in this case so I'm not sure how logical this actually is.

Bialogs commented 5 years ago

Actually.... @trevor-vaughan do you know why this control looks in user.cfg? The STIG is mostly concerned about grub.cfg.