Changeset 196

Show
Ignore:
Timestamp:
06/07/08 08:56:00 (6 months ago)
Author:
slawrence
Message:

Update stigs to match pam conf changes.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/RHEL5.2/scripts/stig-fix/cat2/gen000460.sh

    r154 r196  
    1010cat <<-EOF > /etc/pam.d/system-auth 
    1111#%PAM-1.0 
    12 auth       required      pam_tally.so deny=3 onerr=fail unlock_time=900 quiet 
    13  
     12# This file is auto-generated. 
     13# User changes will be destroyed the next time authconfig is run. 
     14#5 login attempts within 30 seconds.  Locked out for 60 seconds if fail 
     15auth        required      pam_tally.so deny=3 onerr=fail unlock_time=900 quiet 
    1416auth        required      pam_env.so 
    15 auth        required      pam_unix.so nullok try_first_pass audit 
     17auth        sufficient    pam_unix.so nullok try_first_pass audit 
     18auth        requisite     pam_succeed_if.so uid >= 500 quiet 
     19auth        required      pam_deny.so 
    1620 
    1721account     required      pam_unix.so 
    18 account     required     pam_tally.so 
     22account     required      pam_tally.so 
     23account     sufficient    pam_succeed_if.so uid < 500 quiet 
     24account     required      pam_permit.so 
     25 
    1926password    required      pam_cracklib.so try_first_pass retry=3 minlen=12 difok=3 dcredit=-2 ucredit=-2 ocredit=-2 lcredit=-2 
    20 password    required      pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=12 
     27password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12 
     28password    required      pam_deny.so 
    2129 
    2230session     optional      pam_keyinit.so revoke 
    2331session     required      pam_limits.so 
     32session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid 
    2433session     required      pam_unix.so 
    2534EOF