Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule set_password_hashing_algorithm_systemauth fails on RHEL 10 #12769

Closed
jan-cerny opened this issue Jan 2, 2025 · 1 comment · Fixed by #12782
Closed

Rule set_password_hashing_algorithm_systemauth fails on RHEL 10 #12769

jan-cerny opened this issue Jan 2, 2025 · 1 comment · Fixed by #12782
Assignees
@Mab879
Labels
ANSSI ANSSI Benchmark related. productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related.
Milestone
0.1.76

Comments

@jan-cerny
Copy link
Collaborator

Description of problem:

Rule set_password_hashing_algorithm_systemauth fails on RHEL 10 in ISM_O and ANSSI High profiles.

The following contest tests fail in the daily productization run on RHEL 10:

  • /hardening/host-os/oscap/anssi_bp28_high/set_password_hashing_algorithm_systemauth
  • /hardening/host-os/oscap/ism_o/set_password_hashing_algorithm_systemauth
  • /hardening/image-builder/anssi_bp28_high/set_password_hashing_algorithm_systemauth
  • /hardening/image-builder/ism_o/set_password_hashing_algorithm_systemauth
  • /hardening/kickstart/anssi_bp28_high/set_password_hashing_algorithm_systemauth
  • /hardening/kickstart/ism_o/set_password_hashing_algorithm_systemauth
  • /hardening/oscap/anssi_bp28_high/set_password_hashing_algorithm_systemauth
  • /hardening/oscap/ism_o/set_password_hashing_algorithm_systemauth

SCAP Security Guide Version:

current upstream master HEAD as of 2024-01-01 as of 8cb84dc

Operating System Version:

RHEL 10 (RHEL-10.0-20241220.0)

Steps to Reproduce:

run aforementioned tests

Actual Results:

The OVAL tests doesn't find any sting matching the regular expression in /etc/pam.d/system-auth.

Expected Results:

rule passes

Additional Information/Debugging Steps:

no
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. ANSSI ANSSI Benchmark related. RHEL10 Red Hat Enterprise Linux 10 product related. labels Jan 2, 2025
@Mab879
Copy link
Member

Mab879 commented Jan 6, 2025
edited
Loading

RHEL 10 has moved to yescrypt by default. I wonder if we have some sha512 assumptions still running around.

@Mab879 Mab879 mentioned this issue Jan 7, 2025
Merged
@Mab879 Mab879 self-assigned this Jan 7, 2025
@Mab879 Mab879 added this to the 0.1.76 milestone Jan 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
ANSSI ANSSI Benchmark related. productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related.
Projects
None yet
Milestone
0.1.76
Development

Successfully merging a pull request may close this issue.

Adjust set_password_hashing_algorithm_* for RHEL 10 Mab879/content
2 participants
@Mab879 @jan-cerny