Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-47129

CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 scan fails on "Ensure all users last password change date is in the past" rule

XMLWordPrintable

    • scap-security-guide-0.1.74-1.el9_4
    • None
    • None
    • sst_security_compliance
    • ssg_security
    • 26
    • 1.5
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • None

      Description of Problem

      CIS Server Level 2 benchmark "5.6.1.5 Ensure all users last password change date is in the past" rule fails, but all users have a last password change date in the past.

      How reproducible

      Always

      Steps to Reproduce

      1. Register RHEL 9 host with Insigths
      2. Assign CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 policy to it
      3. Run 'insights-client --compliance' command on the host

      Actual Behavior

      The "5.6.1.5 Ensure all users last password change date is in the past" rule fails.

      Expected Behavior

      The above rule should pass for the host as all users have last password change date is in the past.

      Business Impact / Additional info

      The testing seems to indicate the rule is failing on users with non-expiring passwords. Based on the verbiage for the rule, "Ensure all users last password change date is in the past", users with non-expiring passwords shouldn't cause the rule to fail.

        1. sosreport-vrheladmin01-2024-07-01-grfgbxj.tar.xz
          21.75 MB
        2. userpasswordchange.txt
          2 kB

            maburgha@redhat.com Marcus Burghardt
            rhn-support-ngupta Nikhil Gupta
            Marcus Burghardt Marcus Burghardt
            Milan Lysonek Milan Lysonek
            Votes:
            0 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: