add some descriptions

2023-06-26 17:10:55 +08:00 · 2023-06-26 17:10:55 +08:00 · 696e34728b
commit 696e34728b
parent e72f93dfa0
1 changed files with 20 additions and 8 deletions
--- a/enable-76-rules-for-openEuler.patch
+++ b/enable-76-rules-for-openEuler.patch
@ -1,7 +1,7 @@
-From 262435c4b8c511cf8afc5927051cb0948415f593 Mon Sep 17 00:00:00 2001
+From 49b0ed553a842d15ed5f942dd9825aa89eb84078 Mon Sep 17 00:00:00 2001
-From: steven_ygui <steven_ygui@163.com>
+From: "steven.y.gui" <steven_ygui@163.com>
-Date: Fri, 19 May 2023 01:37:20 +0800
+Date: Mon, 26 Jun 2023 17:09:54 +0800
-Subject: [PATCH] enable-76-rules-for-openEuler.patch
+Subject: [PATCH] enable-76-rules-for-openEuler
 ---
 .../rule.yml                                  | 30 +++++++
@ -41,7 +41,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch
 .../accounts_password_pam_minlen/rule.yml     |  2 +-
 .../accounts_password_pam_ocredit/rule.yml    |  2 +-
 .../oval/shared.xml                           |  1 +
- .../accounts_password_pam_retry/rule.yml      |  2 +-
+ .../accounts_password_pam_retry/rule.yml      |  7 +-
 .../accounts_password_pam_ucredit/rule.yml    |  2 +-
 .../var_password_pam_dictcheck.var            | 16 ++++
 .../oval/shared.xml                           |  1 +
@ -105,7 +105,7 @@ Subject: [PATCH] enable-76-rules-for-openEuler.patch
 shared/macros-oval.jinja                      | 73 ++++++++++++++++
 shared/templates/template_OVAL_sysctl         |  4 +
 ssg/constants.py                              |  4 +-
- 101 files changed, 1521 insertions(+), 37 deletions(-)
+ 101 files changed, 1526 insertions(+), 37 deletions(-)
 create mode 100644 linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml
 create mode 100644 linux_os/guide/services/ftp/package_ftp_removed/rule.yml
 create mode 100644 linux_os/guide/services/ssh/ssh_server/disable_host_auth/oval/shared.xml
@ -977,7 +977,7 @@ index d888d78..4588489 100644
       <description>The password retry should meet minimum requirements</description>
     </metadata>
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
-index 099cbbf..908ca40 100644
+index 099cbbf..50853ed 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
@@ -1,6 +1,6 @@
@ -988,6 +988,18 @@ index 099cbbf..908ca40 100644
 title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session'
@@ -10,6 +10,11 @@ description: |-
     show <tt>retry=<sub idref="var_password_pam_retry" /></tt>, or a lower value if
     site policy is more restrictive.
     The DoD requirement is a maximum of 3 prompts per session.
 +    {{% if product in ["openeuler2203"] %}}
 +    Considering the usability of the community release of openEuler in different scenarios, 
 +    the values of retry are not configured in the openEuler release by default. 
 +    Please set it based on the site requirements.
 +    {{% endif %}}
 rationale: |-
     Setting the password retry prompts that are permitted on a per-session basis to a low value
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
 index 7b5fe67..203da95 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
@ -2668,5 +2680,5 @@ index 401c60d..aa081d8 100644
     "opensuse": [
         "cpe:/o:opensuse:leap:42.1",
 -- 
-2.33.0
+2.21.0.windows.1