- Bug
- Resolution: Done-Errata
- Normal
- scap-security-guide-0.1.74-1.el9_4
- rhel-sst-security-compliance
- ssg_security
- 26
- 1.5
- No
- Pass
- Unspecified Release Note Type - Unknown
Description of Problem
CIS Server Level 2 benchmark "5.6.1.5 Ensure all users last password change date is in the past" rule fails, but all users have a last password change date in the past.
How reproducible
Always
Steps to Reproduce
- Register RHEL 9 host with Insights
- Assign CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 policy to it
- Run 'insights-client --compliance' command on the host
Actual Behavior
The "5.6.1.5 Ensure all users last password change date is in the past" rule fails.
Expected Behavior
The above rule should pass for the host, as all users have a last password change date in the past.
Business Impact / Additional info
The testing seems to indicate the rule is failing on users with non-expiring passwords. Based on the verbiage for the rule, "Ensure all users last password change date is in the past", users with non-expiring passwords shouldn't cause the rule to fail.
- links to RHBA-2024:137755 scap-security-guide bug fix and enhancement update
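The expectation stated in the report, as an added example (not code from scap-security-guide or the CIS benchmark): a check that looks only at the last-change field of each shadow(5) entry and never reads the maximum-age field, so accounts with non-expiring passwords cannot change the result. The function name, the sample entries and the choice to skip entries with an empty last-change field are assumptions.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample in shadow(5) layout:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19700:0:99999:7:::
svc_backup:$6$constructed$hash:19650:0::7:::
alice:$6$constructed$hash:19800:1:365:7:::
bob:$6$constructed$hash:20100:1:365:7:::
daemon:*::0:99999:7:::
"""


def future_password_changes(shadow_text, today):
    """Return [(user, last_change_date)] for entries changed after `today`.

    Only field 3 (last change, in days since 1970-01-01) is evaluated.
    Field 5 (maximum age) is deliberately ignored: an empty value or 99999
    means the password does not expire, which says nothing about whether
    the last change lies in the past.
    """
    today_days = (today - EPOCH).days
    offenders = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 9:
            continue  # blank or malformed line
        user, lastchg = fields[0], fields[2]
        if not lastchg.isdigit():
            continue  # assumption: no recorded change date, nothing to compare
        if int(lastchg) > today_days:
            offenders.append((user, EPOCH + timedelta(days=int(lastchg))))
    return offenders


if __name__ == "__main__":
    # Evaluate the constructed sample against a fixed reference date.
    for user, changed in future_password_changes(SAMPLE_SHADOW, date(2024, 6, 1)):
        print(f"{user}: last password change {changed} is in the future")
```

On a real host the same function can be fed the contents of /etc/shadow (read as root) with `date.today()` as the reference date.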