Hardcoded RHEL 204414 rule

microsoft · Mar 22, 2022 · f6626cc · f6626cc
1 parent 44b88c7
commit f6626cc
Show file tree

Hide file tree

Showing 3 changed files with 3,049 additions and 3,048 deletions.
diff --git a/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R6_Manual-xccdf.log b/source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R6_Manual-xccdf.log
@@ -1,6 +1,7 @@
 V-204399::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '/org/gnome/desktop/screensaver/lock-delay'; FilePath = '/etc/dconf/db/local.d/locks/session'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = '/org/gnome/desktop/screensaver/lock-delay'; DoesNotContainPattern = '#\s*/org/gnome/desktop/screensaver/lock-delay'; FilePath = '/etc/dconf/db/local.d/locks/session'}
 V-204400::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = '/org/gnome/desktop/session/idle-delay'; DoesNotContainPattern = '#\s*/org/gnome/desktop/session/idle-delay'; FilePath = '/etc/dconf/db/local.d/locks/session'}
 V-204403::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = '/org/gnome/desktop/screensaver/idle-activation-enabled'; DoesNotContainPattern = '#\s*/org/gnome/desktop/screensaver/idle-activation-enabled'; FilePath = '/etc/dconf/db/local.d/locks/session'}
+V-204414::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/security/pwquality.conf'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of "maxclassrepeat" is set to "0", more than "4" or is commented out, this is a finding.'}
 V-204424::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/pam.d/password-auth'; OrganizationValueTestString = 'rule V-204424 is reviewed for guidence on configurating ContainsLine/DoesNotContainPattern '}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/pam.d/system-auth'; OrganizationValueTestString = 'rule V-204424 is reviewed for guidence on configurating ContainsLine/DoesNotContainPattern '}
 V-204449::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/usb-storage.conf'}<splitRule>HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/blacklist.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/usb-storage.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/blacklist.conf'}
 V-204450::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/dccp.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install dccp /bin/true'; DoesNotContainPattern = '#\s*install\s*dccp\s*/bin/true'; FilePath = '/etc/modprobe.d/dccp.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist dccp'; DoesNotContainPattern = '#\s*blacklist\s*dccp'; FilePath = '/etc/modprobe.d/blacklist.conf'}

diff --git a/source/StigData/Processed/RHEL-7-3.6.org.default.xml b/source/StigData/Processed/RHEL-7-3.6.org.default.xml
@@ -12,7 +12,7 @@
   <OrganizationalSetting id="V-204412" ContainsLine="minclass = 4" DoesNotContainPattern="^#\s*minclass\s*=.*|^\s*minclass\s*=\s*(?!\d{2,})[1-3]" />
   <!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "maxrepeat" is set to more than "3", this is a finding." -->
   <OrganizationalSetting id="V-204413" ContainsLine="maxrepeat = 3" DoesNotContainPattern="^#\s*maxrepeat\s*=.*|^\s*maxrepeat\s*=\s*(?:\d{2,}|[4-9])" />
-  <!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "maxclassrepeat" is set to more than "4", this is a finding." -->
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of "maxclassrepeat" is set to "0", more than "4" or is commented out, this is a finding.-->
   <OrganizationalSetting id="V-204414" ContainsLine="maxclassrepeat = 4" DoesNotContainPattern="^#\s*maxclassrepeat\s*=.*|^\s*maxclassrepeat\s*=\s*(?:\d{2,}|[1-3|5-9])" />
   <!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MIN_DAYS" parameter value is not "1" or greater, or is commented out, this is a finding." -->
   <OrganizationalSetting id="V-204418" ContainsLine="PASS_MIN_DAYS 1" DoesNotContainPattern="^\s*PASS_MIN_DAYS\s*[0]*$|#\s*PASS_MIN_DAYS.*" />