From 696e34728b7075247e8502d201cc8aaea2149b4c Mon Sep 17 00:00:00 2001 From: "steven.y.gui" Date: Mon, 26 Jun 2023 17:10:55 +0800 Subject: [PATCH] add some descriptions --- enable-76-rules-for-openEuler.patch | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/enable-76-rules-for-openEuler.patch b/enable-76-rules-for-openEuler.patch index 3b86709..f5ccc6f 100644 --- a/enable-76-rules-for-openEuler.patch +++ b/enable-76-rules-for-openEuler.patch @@ -1,7 +1,7 @@ -From 262435c4b8c511cf8afc5927051cb0948415f593 Mon Sep 17 00:00:00 2001 -From: steven_ygui -Date: Fri, 19 May 2023 01:37:20 +0800 -Subject: [PATCH] enable-76-rules-for-openEuler.patch +From 49b0ed553a842d15ed5f942dd9825aa89eb84078 Mon Sep 17 00:00:00 2001 +From: "steven.y.gui" +Date: Mon, 26 Jun 2023 17:09:54 +0800 +Subject: [PATCH] enable-76-rules-for-openEuler --- .../rule.yml | 30 +++++++ @@ -41,7 +41,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch .../accounts_password_pam_minlen/rule.yml | 2 +- .../accounts_password_pam_ocredit/rule.yml | 2 +- .../oval/shared.xml | 1 + - .../accounts_password_pam_retry/rule.yml | 2 +- + .../accounts_password_pam_retry/rule.yml | 7 +- .../accounts_password_pam_ucredit/rule.yml | 2 +- .../var_password_pam_dictcheck.var | 16 ++++ .../oval/shared.xml | 1 + @@ -105,7 +105,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch shared/macros-oval.jinja | 73 ++++++++++++++++ shared/templates/template_OVAL_sysctl | 4 + ssg/constants.py | 4 +- - 101 files changed, 1521 insertions(+), 37 deletions(-) + 101 files changed, 1526 insertions(+), 37 deletions(-) create mode 100644 linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml create mode 100644 linux_os/guide/services/ftp/package_ftp_removed/rule.yml create mode 100644 linux_os/guide/services/ssh/ssh_server/disable_host_auth/oval/shared.xml @@ -977,7 +977,7 @@ index d888d78..4588489 100644 The password retry should meet minimum requirements diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -index 099cbbf..908ca40 100644 +index 099cbbf..50853ed 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -1,6 +1,6 @@ @@ -988,6 +988,18 @@ index 099cbbf..908ca40 100644 title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' +@@ -10,6 +10,11 @@ description: |- + show retry=, or a lower value if + site policy is more restrictive. + The DoD requirement is a maximum of 3 prompts per session. ++ {{% if product in ["openeuler2203"] %}} ++ Considering the usability of the community release of openEuler in different scenarios, ++ the values of retry are not configured in the openEuler release by default. ++ Please set it based on the site requirements. ++ {{% endif %}} + + rationale: |- + Setting the password retry prompts that are permitted on a per-session basis to a low value diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml index 7b5fe67..203da95 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml @@ -2668,5 +2680,5 @@ index 401c60d..aa081d8 100644 "opensuse": [ "cpe:/o:opensuse:leap:42.1", -- -2.33.0 +2.21.0.windows.1