25 lines
701 B
YAML
25 lines
701 B
YAML
{{ if .Vars.ubtu24cis_level_1 }}
|
|
{{ if .Vars.ubtu24cis_rule_5_3_3_4_3 }}
|
|
command:
|
|
pam_unix_strong_password_pam_configs:
|
|
title: 5.3.3.4.3 | Ensure pam_unix includes a strong password hashing algorithm
|
|
exec: grep -PH -- '^\h*password\h+([^#\n\r]+)\h+pam_unix\.so\h+([^#\n\r]+\h+)?(sha512|yescrypt)\b' /etc/pam.d/common-password /usr/share/pam-configs/*
|
|
exit-status:
|
|
or:
|
|
- 0
|
|
- 1
|
|
stdout:
|
|
- '/.*:password\s+([^#\n\r]+)\s+pam_unix\.so.*(yescrypt|sha512)/'
|
|
meta:
|
|
server: 1
|
|
workstation: 1
|
|
CIS_ID:
|
|
- 5.3.3.4.3
|
|
CISv8: 3.11
|
|
CISv8_IG1: false
|
|
CISv8_IG2: true
|
|
CISv8_IG3: true
|
|
NIST800-53R5: NA
|
|
{{ end }}
|
|
{{ end }}
|