Bug 1372061 - RHEL 7.3 beta error: PAM maxclassrepeat not configured
Summary: RHEL 7.3 beta error: PAM maxclassrepeat not configured
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-31 19:55 UTC by Shawn Wells
Modified: 2017-08-01 12:23 UTC (History)
4 users (show)

Fixed In Version: scap-security-guide-0.1.32-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 12:23:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2064 normal SHIPPED_LIVE scap-security-guide bug fix and enhancement update 2017-08-01 16:05:50 UTC

Description Shawn Wells 2016-08-31 19:55:52 UTC
When deploying a system against the DOD STIG Upstream profile, the following checklist item remains non-compliant:

- CCE-27512-3: xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat

Item remains non-compliant after the installation, and when attempting to remediate post-installation via "oscap xccdf eval --remediate..."

Comment 1 Shawn Wells 2016-08-31 20:22:23 UTC
Note this has been fixed upstream via https://github.com/OpenSCAP/scap-security-guide/pull/1393

Comment 6 Marek Haicman 2017-04-26 11:49:37 UTC
Test performed by SSG Test Suite prototype

OLD ===
[0 root@qeos-103 ~]# rpm -q scap-security-guide
scap-security-guide-0.1.30-3.el7.noarch

./perform_remediation_checks.sh maxclassrepeat
# Performing pam/accouts_password_pam_maxclassrepeat/clean
FAIL: Remediation for pam/accouts_password_pam_maxclassrepeat/clean is probably missing!
# Performing pam/accouts_password_pam_maxclassrepeat/comment
FAIL: Remediation for pam/accouts_password_pam_maxclassrepeat/comment is probably missing!
# Performing pam/accouts_password_pam_maxclassrepeat/line_not_there
FAIL: Remediation for pam/accouts_password_pam_maxclassrepeat/line_not_there is probably missing!
# Performing pam/accouts_password_pam_maxclassrepeat/wrong_value_greater
FAIL: Remediation for pam/accouts_password_pam_maxclassrepeat/wrong_value_greater is probably missing!
# Performing pam/accouts_password_pam_maxclassrepeat/wrong_value_lesser
FAIL: Remediation for pam/accouts_password_pam_maxclassrepeat/wrong_value_lesser is probably missing!


NEW ===
[0 root@qeos-106 ~]# rpm -q scap-security-guide
scap-security-guide-0.1.32-1.el7.noarch

./perform_remediation_checks.sh maxclassrepeat
# Performing pam/accouts_password_pam_maxclassrepeat/clean
# Performing pam/accouts_password_pam_maxclassrepeat/comment
# Performing pam/accouts_password_pam_maxclassrepeat/line_not_there
# Performing pam/accouts_password_pam_maxclassrepeat/wrong_value_greater
# Performing pam/accouts_password_pam_maxclassrepeat/wrong_value_lesser

Comment 7 errata-xmlrpc 2017-08-01 12:23:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2064


Note You need to log in before you can comment on or make changes to this bug.