49 lines
1.2 KiB
YAML
49 lines
1.2 KiB
YAML
---
|
|
|
|
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_5_3_3_2_4 }}
|
|
command:
|
|
password_consecutive_characters:
|
|
title: 5.3.3.2.4 | Ensure password same consecutive characters is configured
|
|
exec: grep -Psi -- '^\h*maxrepeat\h*=\h*[1-3]\b' /etc/security/pwquality.conf /etc/security/pwquality.conf.d/*.conf
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
stdout:
|
|
- '/.*\:maxrepeat\s*=\s*[1-3]/'
|
|
- '!/.*\:maxrepeat\s*=\s*0/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.3.3.2.4
|
|
CISv8:
|
|
- 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: IA-5
|
|
consecutive_characters_not_pamd:
|
|
title: 5.3.3.2.4 | Ensure password same consecutive characters is configured
|
|
exec: grep -Psi -- '^\h*password\h+(requisite|required|sufficient)\h+pam_pwquality\.so\h+([^#\n\r]+\h+)?maxrepeat\h*=\h*(0|[4-9]|[1-9][0-9]+)\b' /etc/pam.d/common-password
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
stdout:
|
|
- '!/.*/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.3.3.2.4
|
|
CISv8:
|
|
- 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: IA-5
|
|
{{ end }}
|
|
{{ end }}
|