From f802557b2a84b830a8a8742b535a5602925e438d Mon Sep 17 00:00:00 2001
From: Watson Yuuma Sato <wsato@redhat.com>
Date: Mon, 8 Aug 2022 15:28:37 +0200
Subject: [PATCH 09/10] Merge pull request #9298 from vojtapolasek/rhbz2114979
Patch-name: scap-security-guide-0.1.64-authselect_minimal_in_ospp-PR_9298.patch
Patch-status: Make OSPP profiles use minimal Authselect profile
---
linux_os/guide/system/accounts/enable_authselect/rule.yml | 1 +
products/rhel8/profiles/ospp.profile | 2 +-
products/rhel9/profiles/ospp.profile | 2 +-
tests/data/profile_stability/rhel8/ospp.profile | 2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
||
|
index 8d1758e8c9..3edb3642df 100644
|
||
|
--- a/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
||
|
+++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml
|
||
|
@@ -34,6 +34,7 @@ references:
|
||
|
disa: CCI-000213
|
||
|
hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) # taken from require_singleuser_auth
|
||
|
nist: AC-3
|
||
|
+ ospp: FIA_UAU.1,FIA_AFL.1
|
||
|
srg: SRG-OS-000480-GPOS-00227
|
||
|
|
||
|
ocil: |-
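Review bot: The new `ospp: FIA_UAU.1,FIA_AFL.1` reference carries no note on where the mapping comes from, unlike the `hipaa` line two lines above it, which records its source in a trailing comment. `enable_authselect` by itself only selects an authselect profile, so the link to FIA_AFL.1 (authentication failure handling) looks indirect and probably depends on the lockout rules selected alongside it. A trailing comment such as `# authselect manages the PAM stack that the lockout rules configure` would keep auditors from reading the reference as full coverage of that requirement. The `references:` block starts outside the hunk.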
|
||
|
diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
|
||
|
index 39ad1797c7..ebec8a3a6f 100644
|
||
|
--- a/products/rhel8/profiles/ospp.profile
|
||
|
+++ b/products/rhel8/profiles/ospp.profile
|
||
|
@@ -220,7 +220,7 @@ selections:
|
||
|
- var_accounts_max_concurrent_login_sessions=10
|
||
|
- accounts_max_concurrent_login_sessions
|
||
|
- securetty_root_login_console_only
|
||
|
- - var_authselect_profile=sssd
|
||
|
+ - var_authselect_profile=minimal
|
||
|
- enable_authselect
|
||
|
- var_password_pam_unix_remember=5
|
||
|
- accounts_password_pam_unix_remember
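Review bot: Switching `var_authselect_profile` to `minimal` has an operational side effect that the selection does not document: the authselect `minimal` profile serves local users only, so remediating `enable_authselect` on a host that relies on SSSD for domain accounts or smartcard login would presumably replace that PAM/nsswitch configuration and can lock those users out. A comment above the changed line would make this visible, for example `# minimal: local accounts only, no SSSD-backed identities (rhbz#2114979)`. The same applies to the identical change in products/rhel9/profiles/ospp.profile. It is also worth confirming that every authselect feature enabled by other rules in this profile is offered by `minimal`; the selections list continues outside the hunk.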
|
||
|
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
|
||
|
index f27f961a7a..b21ddcee6d 100644
|
||
|
--- a/products/rhel9/profiles/ospp.profile
|
||
|
+++ b/products/rhel9/profiles/ospp.profile
|
||
|
@@ -115,7 +115,7 @@ selections:
|
||
|
- coredump_disable_storage
|
||
|
- coredump_disable_backtraces
|
||
|
- service_systemd-coredump_disabled
|
||
|
- - var_authselect_profile=sssd
|
||
|
+ - var_authselect_profile=minimal
|
||
|
- enable_authselect
|
||
|
- use_pam_wheel_for_su
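Review bot: The rhel9 selection changes here, but the patch touches a profile_stability fixture only for rhel8 (`tests/data/profile_stability/rhel8/ospp.profile`). If a rhel9 counterpart exists in the tree (none is visible in this patch), it needs the same `var_authselect_profile=minimal` line so that the new value is pinned for rhel9 as well.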
|
||
|
|
||
|
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
index 5d73a8c6fe..21e93e310d 100644
|
||
|
--- a/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
+++ b/tests/data/profile_stability/rhel8/ospp.profile
|
||
|
@@ -242,7 +242,7 @@ selections:
|
||
|
- var_slub_debug_options=P
|
||
|
- var_auditd_flush=incremental_async
|
||
|
- var_accounts_max_concurrent_login_sessions=10
|
||
|
-- var_authselect_profile=sssd
|
||
|
+- var_authselect_profile=minimal
|
||
|
- var_password_pam_unix_remember=5
|
||
|
- var_selinux_state=enforcing
|
||
|
- var_selinux_policy_name=targeted
|
||
|
--
2.37.1