Skip to content

Commit

Permalink
Automated ingestion of profiles
Browse files Browse the repository at this point in the history
Signed-off-by: MITRE SAF <[email protected]>
  • Loading branch information
MITRE SAF committed Oct 9, 2024
1 parent 96fa896 commit 9eb330d
Showing 1 changed file with 2 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4404,7 +4404,7 @@
"CM-6 b"
]
},
"code": "control 'SV-244540' do\n title 'RHEL 8 must not allow blank or null passwords in the system-auth file.'\n desc 'If an account has an empty password, anyone could log on and run\ncommands with the privileges of that account. Accounts with empty passwords\nshould never be used in operational environments.'\n desc 'check', 'To verify that null passwords cannot be used, run the following command:\n\n$ sudo grep -i nullok /etc/pam.d/system-auth\n\nIf output is produced, this is a finding.'\n desc 'fix', 'Remove any instances of the \"nullok\" option in the\n\"/etc/pam.d/system-auth\" file to prevent logons with empty passwords.\n\n Note: Manual changes to the listed file may be overwritten by the\n\"authselect\" program.'\n impact 0.7\n ref 'DPMS Target Red Hat Enterprise Linux 8'\n tag severity: 'high'\n tag gtitle: 'SRG-OS-000480-GPOS-00227'\n tag gid: 'V-244540'\n tag rid: 'SV-244540r743869_rule'\n tag stig_id: 'RHEL-08-020331'\n tag fix_id: 'F-47772r743868_fix'\n tag cci: ['CCI-000366']\n tag nist: ['CM-6 b']\n\n pam_auth_files = input('pam_auth_files')\n file_list = pam_auth_files.values.join(' ')\n bad_entries = command(\"grep -i nullok #{file_list}\").stdout.lines.collect(&:squish)\n\n describe 'The system is configureed' do\n subject { command(\"grep -i nullok #{file_list}\") }\n it 'to not allow null passwords' do\n expect(subject.stdout.strip).to be_empty, \"The system is configured to allow null passwords. Please remove any instances of the `nullok` option from: \\n\\t- #{bad_entries.join(\"\\n\\t- \")}\"\n end\n end\nend\n",
"code": "control 'SV-244540' do\n title 'RHEL 8 must not allow blank or null passwords in the system-auth file.'\n desc 'If an account has an empty password, anyone could log on and run\ncommands with the privileges of that account. Accounts with empty passwords\nshould never be used in operational environments.'\n desc 'check', 'To verify that null passwords cannot be used, run the following command:\n\n$ sudo grep -i nullok /etc/pam.d/system-auth\n\nIf output is produced, this is a finding.'\n desc 'fix', 'Remove any instances of the \"nullok\" option in the\n\"/etc/pam.d/system-auth\" file to prevent logons with empty passwords.\n\n Note: Manual changes to the listed file may be overwritten by the\n\"authselect\" program.'\n impact 0.7\n ref 'DPMS Target Red Hat Enterprise Linux 8'\n tag severity: 'high'\n tag gtitle: 'SRG-OS-000480-GPOS-00227'\n tag gid: 'V-244540'\n tag rid: 'SV-244540r743869_rule'\n tag stig_id: 'RHEL-08-020331'\n tag fix_id: 'F-47772r743868_fix'\n tag cci: ['CCI-000366']\n tag nist: ['CM-6 b']\n\n pam_auth_files = input('pam_auth_files')\n file_list = pam_auth_files.values.join(' ')\n bad_entries = command(\"grep -i nullok #{file_list}\").stdout.lines.map(&:strip)\n\n describe 'The system should be configureed' do\n subject { command(\"grep -i nullok #{file_list}\") }\n it 'to not allow null passwords' do\n expect(subject.stdout.strip).to be_empty, \"The system is configured to allow null passwords. Please remove any instances of the `nullok` option from auth files: \\n\\t- #{bad_entries.join(\"\\n\\t- \")}\"\n end\n end\nend\n",
"source_location": {
"ref": "./Red Hat 8 STIG/controls/SV-244540.rb",
"line": 1
Expand Down Expand Up @@ -17263,7 +17263,7 @@
"id": "controls/SV-230241.rb"
}
],
"sha256": "d47d8143a6008516ac2bf058f928715824a045f434726a98b9b215d1b60b202e",
"sha256": "c464704352258b2e5620a2637c89213ba18ff777862c6eed0a4955a54866331c",
"status_message": "",
"status": "loaded",
"generator": {
Expand Down

0 comments on commit 9eb330d

Please sign in to comment.