  1. RHEL
  2. RHEL-47129

CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 scan fails on "Ensure all users last password change date is in the past" rule

    • scap-security-guide-0.1.74-1.el9_4
    • sst_security_compliance
    • ssg_security

      Description of Problem

      CIS Server Level 2 benchmark "5.6.1.5 Ensure all users last password change date is in the past" rule fails, but all users have a last password change date in the past.

      How reproducible

      Always

      Steps to Reproduce

      1. Register RHEL 9 host with Insights
      2. Assign CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 policy to it
      3. Run 'insights-client --compliance' command on the host

      Actual Behavior

      The "5.6.1.5 Ensure all users last password change date is in the past" rule fails.

      Expected Behavior

      The above rule should pass for the host, as all users have a last password change date in the past.

      Business Impact / Additional info

      The testing seems to indicate the rule is failing on users with non-expiring passwords. Based on the verbiage for the rule, "Ensure all users last password change date is in the past", users with non-expiring passwords shouldn't cause the rule to fail.
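To confirm a host's state independently of the scanner, the following added example (not part of the original report and not the scap-security-guide rule's own check) reads shadow(5)-format lines and reports only accounts whose last-change field is later than today. The function names `future_lastchg` and `today_days` and the sample lines are constructed for illustration; the standard nine-field shadow layout is assumed.

```shell
#!/bin/bash
# Report accounts whose last password change (shadow field 3, in days
# since 1970-01-01) lies in the future.
# Usage: future_lastchg TODAY_DAYS < shadow-format-input
future_lastchg() {
    awk -F: -v today="$1" '
        # Field 3 empty: no last-change date is recorded, nothing to compare.
        $3 == "" { next }
        # Field 3 must be a non-negative integer; report anything else.
        $3 !~ /^[0-9]+$/ { print $1 ": malformed"; next }
        # Only a date later than today violates the rule. Field 5 (maximum
        # age) is deliberately ignored: empty or 99999 means non-expiring,
        # which says nothing about when the password was last changed.
        ($3 + 0) > (today + 0) { print $1 ": future" }
    '
}

# Current date as a day number (UTC), the same unit as shadow field 3.
today_days() { echo $(( $(date -u +%s) / 86400 )); }

# Constructed sample: root and svc_backup have non-expiring passwords
# (field 5 is 99999 or empty), alice has a last-change date in the future,
# bin has no last-change date, newhire must change password at next login.
SAMPLE='root:$6$x$y:19800:0:99999:7:::
svc_backup:$6$x$y:19750:0::7:::
alice:$6$x$y:19900:0:90:7:::
bin:*:::::::
newhire:$6$x$y:0:0:90:7:::'

# Evaluate the sample as of day 19850; only alice is reported.
printf '%s\n' "$SAMPLE" | future_lastchg 19850

# On a real host, as root:
#   future_lastchg "$(today_days)" < /etc/shadow
```

Empty output on the real shadow file means no account has a future last-change date, whatever its expiry settings.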

              maburgha@redhat.com Marcus Burghardt
              rhn-support-ngupta Nikhil Gupta
              Marcus Burghardt Marcus Burghardt
              Milan Lysonek Milan Lysonek