From d16c221c1611439857a343092f0906f82d631141 Mon Sep 17 00:00:00 2001
From: Alan Moore <alan.moore@canonical.com>
Date: Thu, 9 Jan 2025 17:35:20 +0000
Subject: [PATCH] Add rule accounts_password_pam_pwhistory_use_authtok

---
 components/pam.yml          | 1 +
 controls/cis_ubuntu2404.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/components/pam.yml b/components/pam.yml
index b6789a9972c4..9738d8b31711 100644
--- a/components/pam.yml
+++ b/components/pam.yml
@@ -59,6 +59,7 @@ rules:
 - accounts_password_pam_pwhistory_remember
 - accounts_password_pam_pwhistory_remember_password_auth
 - accounts_password_pam_pwhistory_remember_system_auth
+- accounts_password_pam_pwhistory_use_authtok
 - accounts_password_pam_pwquality_password_auth
 - accounts_password_pam_pwquality_system_auth
 - accounts_password_pam_pwquality_enabled
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index fbc438cf883a..ce3738c536c7 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -2020,8 +2020,9 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - accounts_password_pam_pwhistory_use_authtok
+    status: automated
 
   - id: 5.3.3.4.1
     title: Ensure pam_unix does not include nullok (Automated)