Description of problem:
The `rhel8-playbook-stig.yml` Ansible playbook includes checks and fixes for the STIG: https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230233
The STIG requires `SHA_CRYPT_MIN_ROUNDS` to be present in the file and set to `5000` or greater.
When the playbook runs, it completes with a result of "OK", even if `SHA_CRYPT_MIN_ROUNDS` is not present in `/etc/login.defs`.
Below is the output of the workbook being run against `/etc/login.defs` where it does not contain `SHA_CRYPT_MIN_ROUNDS`:
```
$ ansible-playbook --connection=local --inventory localhost, /usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml --tags set_password_hashing_min_rounds_logindefs

PLAY [Ansible Playbook for xccdf_org.ssgproject.content_profile_stig] ********************************

TASK [Gathering Facts] *******************************************************************************
ok: [localhost]

TASK [Set Password Hashing Rounds in /etc/login.defs - Ensure SHA_CRYPT_MIN_ROUNDS has Minimum Value of 5000] ***
ok: [localhost]

TASK [Set Password Hashing Rounds in /etc/login.defs - Ensure SHA_CRYPT_MAX_ROUNDS has Minimum Value of 5000] ***
ok: [localhost]

PLAY RECAP *******************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
The playbook does not attempt to update the file if the required `SHA_CRYPT_MIN_ROUNDS 5000` line is missing.
However, the `rhel8-script-stig.sh` script does properly mitigate this finding.
SCAP Security Guide Version: 0.1.72
Operating System Version: RHEL 8 (possibly 7 and 9)
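The gap reported above is the absent-line case, so a check for this finding has to treat "key not present" as non-compliant rather than as nothing to change. The following is an added example, not code from the playbook or from `rhel8-script-stig.sh`; the function names are hypothetical, the file path is passed as an argument, and requiring every uncommented occurrence to meet the threshold is this example's own conservative assumption.

```shell
#!/bin/bash
# Added example (not SCAP Security Guide code): audit and remediate
# SHA_CRYPT_MIN_ROUNDS in a login.defs-style file. Function names are hypothetical.
MIN_ROUNDS=5000   # threshold stated in the STIG finding

# Return 0 only if the key is present (uncommented) and every occurrence is a
# number >= MIN_ROUNDS. A missing or commented-out key is non-compliant.
check_min_rounds() {
    awk -v min="$MIN_ROUNDS" '
        $1 == "SHA_CRYPT_MIN_ROUNDS" {
            seen = 1
            if ($2 !~ /^[0-9]+$/ || $2 + 0 < min) bad = 1
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# Raise non-compliant occurrences to MIN_ROUNDS, leave stronger values alone,
# and append the setting when no uncommented occurrence exists.
fix_min_rounds() {
    local file=$1 tmp rc
    tmp=$(mktemp) || return 1
    awk -v min="$MIN_ROUNDS" '
        $1 == "SHA_CRYPT_MIN_ROUNDS" {
            seen = 1
            if ($2 !~ /^[0-9]+$/ || $2 + 0 < min) $0 = "SHA_CRYPT_MIN_ROUNDS " min
        }
        { print }
        END { if (!seen) print "SHA_CRYPT_MIN_ROUNDS " min }
    ' "$file" > "$tmp"
    rc=$?
    # Write back through the existing inode so owner, mode and SELinux
    # context of the target file are preserved.
    if [ "$rc" -eq 0 ]; then
        cat "$tmp" > "$file"
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Running `check_min_rounds /etc/login.defs` before and after a remediation tool gives an independent pass/fail that does not depend on the tool's own "ok" or "changed" status.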