42 lines
1.1 KiB
YAML
42 lines
1.1 KiB
YAML
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_5_3_3_3_2 }}
|
|
file:
|
|
pwhistory_use_authtok:
|
|
title: 5.3.3.3.2 | Ensure pam_pwhistory includes use_authtok | common-password
|
|
path: /etc/pam.d/common-password
|
|
exists: true
|
|
contents:
|
|
- '/^\s*password\s*(requisite|required)\s*pam_pwhistory.so.*use_authtok/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.3.3.3.2
|
|
CISv8: 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: IA-5
|
|
command:
|
|
pwhistory_use_authtok_pam_configs:
|
|
title: 5.3.3.3.2 | Ensure pam_pwhistory includes use_authtok | pam_configs
|
|
exec: for file in `awk '/Password-Type:/{ f = 1;next } /-Type:/{ f = 0 } f {if (/pam_pwhistory\.so/) print FILENAME}' /usr/share/pam-configs/*`; do grep pam_pwhistory $file | grep -v use_authtok; done
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
stdout:
|
|
- '!/.*/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.3.3.3.2
|
|
CISv8: 5.2
|
|
CISv8_IG1: true
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: IA-5
|
|
{{ end }}
|
|
{{ end }}
|