Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1484

Remediation should only update parameter values not parameter explanations

    XMLWordPrintable

Details

    • Assignee, Qa Contact, Doc Contact, Pool Team, Watchers, Developer
    • sst_security_compliance
    • ssg_security
    • False
    • Hide

      None

      Show
      None
    • Unspecified
    • No Doc Update
    • Unspecified

    Description

      Description of problem:
      After remediating RHEL 9.1 system (CIS Level 2 - Server) we see in /etc/login.defs these changes (among others):

      1. Password aging controls:
        #
        1. PASS_MAX_DAYS Maximum number of days a password may be used.
        2. PASS_MIN_DAYS Minimum number of days allowed between password changes.
          +# PASS_MAX_DAYS 365
          +# PASS_MIN_DAYS 1
      2. PASS_MIN_LEN Minimum acceptable password length.
      3. PASS_WARN_AGE Number of days warning given before a password expires.
        #
        -PASS_MAX_DAYS 99999
        -PASS_MIN_DAYS 0
        +PASS_MAX_DAYS 365
        +PASS_MIN_DAYS 1
        PASS_WARN_AGE 7

      It looks unnecessary to update commented out lines as now the description of the configuration parameters has been removed.

      This is a general suggestion, there might be more cases like this. Thanks.

      Attachments

        Issue Links

          external trackers

          Web Link Red Hat Issue Tracker RHELPLAN-156418

          Activity

            People

              wsato@redhat.com Watson Sato
              myllynen Marko Myllynen
              Vojtech Polasek Vojtech Polasek
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: