Back to bug 2213958
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-06-10 10:56:04 UTC | Pool ID | sst_security_compliance_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2023-06-10 10:56:28 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-159440 | |
| Marko Myllynen | 2023-06-12 07:24:39 UTC | CC | myllynen | |
| Vojtech Polasek | 2023-06-12 08:19:34 UTC | Keywords | Triaged | |
| Jan Černý | 2023-07-12 13:22:35 UTC | CC | jcerny | |
| Assignee | wsato | jcerny | ||
| Status | NEW | ASSIGNED | ||
| Jan Černý | 2023-07-14 14:48:01 UTC | Doc Text | .Password age rules apply only to local users Some compliance profiles, eg. CIS or DISA STIG, contain rules checking password age and password expiration of user account passwords. Specifically, we are talking about these rules: accounts_password_set_max_life_existing, accounts_password_set_min_life_existing, accounts_password_set_warn_age_existing, accounts_set_post_pw_existing. Previously, these rules checked not only configuration of local users but they also evaluated configuration of remote users provided by network sources such as NSS. This behavior was caused by using the `getpwent()` system call in the OpenSCAP scanner. This behavior wasn't desired, behavior the remediation scripts weren't able to change the configuration of the remote users. Therefore, the internal implementation of the aforementioned rules has been changed to depend only on data present in the "/etc/shadow" file. That means no other sources of user metadata are read by the rules. As a result, the rules now consider only local users configuration. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Jan Černý | 2023-07-18 11:46:52 UTC | Status | ASSIGNED | POST |
| Jiri Jaburek | 2023-07-28 13:19:09 UTC | CC | jjaburek | |
| Flags | needinfo?(jcerny) | |||
| Jan Černý | 2023-07-28 13:23:23 UTC | Flags | needinfo?(jcerny) | |
| RHEL Program Management Team | 2023-08-02 12:23:09 UTC | Blocks | 2228467 | |
| RHEL Program Management Team | 2023-08-02 12:23:19 UTC | Blocks | 2228468 | |
| RHEL Program Management Team | 2023-08-02 12:23:25 UTC | Keywords | ZStream | |
| Milan Lysonek | 2023-08-10 11:44:10 UTC | Fixed In Version | scap-security-guide-0.1.69-1.el9 | |
| Status | POST | MODIFIED | ||
| errata-xmlrpc | 2023-08-11 15:01:16 UTC | Status | MODIFIED | ON_QA |
| Milan Lysonek | 2023-08-16 09:12:23 UTC | Status | ON_QA | VERIFIED |
| QA Contact | qe-baseos-security | mlysonek |
Back to bug 2213958