Issue: The pam_faillock.so module is present in the "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" files, but the "preauth" line is NOT listed before pam_unix.so, this is a finding.
Vul ID: V-244533 Rule ID: SV-244533r743848_rule STIG ID: RHEL-08-020025
Vul ID: V-244534 Rule ID: SV-244534r743851_rule STIG ID: RHEL-08-020026
Solution: Move the "auth required pam_faillock.so preauth dir=/var/log/faillock silent audit deny=3 even_deny_root fail_interval=900 unlock_time=0" to the second line right below "auth required pam_env.so".
This can probably be achieved by changing RHEL-08-020025 and RHEL-08-020026 in fix-cat2.yml from insertafter: '^auth' to insertafter: '^auth\s+required\s+pam_env.so'. For some reason I had to use sed to delete the entry, then add it back into the file.
example:
Delete command: sed -i -r '/^auth\s+required\s+pam_faillock.so\s+preauth/d' /etc/authselect/password-auth
Insert command: sed -i -r '/^auth\s+required\s+pam_env.so.*/a auth required pam_faillock.so preauth dir=/var/log/faillock silent audit deny=3 even_deny_root fail_interval=900 unlock_time=0' /etc/authselect/password-auth
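To confirm the ordering after a change like the one above, the following added example (not from the issue author or the project) checks that a pam_faillock.so preauth line precedes the first pam_unix.so line in the auth stack. The function names `faillock_preauth_ok` and `audit_pam_files` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example: audit the ordering required by RHEL-08-020025 / RHEL-08-020026.
# Function names are hypothetical; they are not part of the project.

# faillock_preauth_ok FILE
#   0 = a pam_faillock.so preauth auth line precedes the first pam_unix.so auth line
#   1 = preauth line missing, or it only appears after pam_unix.so
#   2 = file not readable
faillock_preauth_ok() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { kind = $1; sub(/^-/, "", kind) }      # "-auth" is still an auth entry
        kind != "auth" { next }                 # only the auth stack matters here
        /pam_unix\.so/ { seen_unix = 1 }
        /pam_faillock\.so/ && /[ \t]preauth([ \t]|$)/ && !seen_unix { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# audit_pam_files FILE...
#   Prints PASS/FAIL per file and returns non-zero if any file fails.
audit_pam_files() {
    rc=0
    for f in "$@"; do
        if faillock_preauth_ok "$f"; then
            echo "PASS $f"
        else
            echo "FAIL $f"
            rc=1
        fi
    done
    return $rc
}
```

Run it as `audit_pam_files /etc/pam.d/system-auth /etc/pam.d/password-auth` so that both files named in the finding are checked, not only the one that was edited.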
Thanks for addressing this issue. I saw the update to RHEL-08-020025, but did not see the change for RHEL-08-020026 (password-auth) in the pull requests. (I might be missing it somewhere, but wanted to check.)
I really appreciate all the work you guys put into this tool.
Thanks again.