Bug 2193151

Summary:	Remediation should only update parameter values not parameter explanations
Product:	Red Hat Enterprise Linux 9	Reporter:	Marko Myllynen <myllynen>
Component:	scap-security-guide	Assignee:	Watson Yuuma Sato <wsato>
Status:	CLOSED MIGRATED	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	9.1	CC:	ggasparb, matyc, mhaicman, mlysonek, openscap-maint, vpolasek
Target Milestone:	rc	Keywords:	MigratedToJIRA, Triaged
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-08-23 14:45:11 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Marko Myllynen 2023-05-04 13:38:07 UTC

Description of problem:
After remediating RHEL 9.1 system (CIS Level 2 - Server) we see in /etc/login.defs these changes (among others):

 # Password aging controls:
 #
-#      PASS_MAX_DAYS   Maximum number of days a password may be used.
-#      PASS_MIN_DAYS   Minimum number of days allowed between password changes.
+#      PASS_MAX_DAYS     365
+#      PASS_MIN_DAYS     1
 #      PASS_MIN_LEN    Minimum acceptable password length.
 #      PASS_WARN_AGE   Number of days warning given before a password expires.
 #
-PASS_MAX_DAYS  99999
-PASS_MIN_DAYS  0
+PASS_MAX_DAYS     365
+PASS_MIN_DAYS     1
 PASS_WARN_AGE  7

It looks unnecessary to update commented out lines as now the description of the configuration parameters has been removed.

This is a general suggestion, there might be more cases like this. Thanks.

Comment 2 RHEL Program Management 2023-08-17 14:26:27 UTC

Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 3 RHEL Program Management 2023-08-23 14:45:11 UTC

This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues.