Enable ANSSI R69 rule for AlmaLinux
This commit is contained in:
parent
e430f844e6
commit
9085c9f9d9
@ -66,7 +66,7 @@ index 2b00bd908..4fc431b04 100644
|
||||
- ensure_gpgcheck_globally_activated
|
||||
- ensure_gpgcheck_local_packages
|
||||
diff --git a/controls/anssi.yml b/controls/anssi.yml
|
||||
index d02cd2523..54d70cfe3 100644
|
||||
index d02cd2523..deec2f8e9 100644
|
||||
--- a/controls/anssi.yml
|
||||
+++ b/controls/anssi.yml
|
||||
@@ -1238,7 +1238,7 @@ controls:
|
||||
@ -112,6 +112,30 @@ index d02cd2523..54d70cfe3 100644
|
||||
|
||||
- id: R68
|
||||
title: Protecting stored passwords
|
||||
@@ -1411,23 +1402,14 @@ controls:
|
||||
When the user databases are stored on a remote network service, NSS must
|
||||
be configured to establish a secure link that allows, at minimum, to
|
||||
authenticate the server and protect the communication channel.
|
||||
- {{% if "rhel" in product %}}
|
||||
notes: |-
|
||||
A nsswitch service connecting to remote database is provided by sssd. This is checked in requirement R67.
|
||||
Another such service is winbind which is by default configured to connect
|
||||
securely to Samba domains.
|
||||
Other relevant services are NIS and Hesiod. These should not be used.
|
||||
status: automated
|
||||
- {{% if product in ["rhel7", "rhel8"] %}}
|
||||
rules:
|
||||
- no_nis_in_nsswitch
|
||||
- {{% if product == "rhel7" %}}
|
||||
- - no_hesiod_in_nsswitch
|
||||
- {{% endif %}}
|
||||
- {{% endif %}}
|
||||
- {{% else %}}
|
||||
- status: pending
|
||||
- {{% endif %}}
|
||||
|
||||
|
||||
- id: R70
|
||||
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
|
||||
index 48406c172..28ae0c5c2 100644
|
||||
--- a/controls/cis_rhel8.yml
|
||||
|
Loading…
Reference in New Issue
Block a user