How to Select a Non-Default Value for a Rule in a Tailoring
You must be assigned the Compliance Assessor rights profile to create a tailoring that can be added to the assessment store. For more information, see Rights to Run Compliance Assessments and Reports and Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Example 1-8 Creating a Tailoring That Checks for a Password Length of 13
-
Change the default password length according to site requirements.
Change the PASSLENGTH value in the
/etc/default/passwd
file.## /etc/default/passwd file ##PASSLENGTH=8 PASSLENGTH=13
-
Create a tailoring from the
solaris
benchmark.$ pfbash ; compliance tailor -t passwdLength13Test *** compliance tailor: Can't get existing tailor "passwdLength13Test", initializing tailoring:passwdLength13Test> set benchmark=solaris
-
Display the rules in the
solaris
benchmark that contain variables and their possible values.tailoring:passwdLength13Test> values -v OSCV-19500 (gdm service): _disabled_ /disabled|enabled/ OSCV-37500 (NFS client service): _disabled_ /disabled|enabled/ OSCV-46000 (Minimum Password Length): 6 <= _8_ <= 255 /6|8|14/ OSCV-47000 (Minimum Password Character Difference): 1 <= _3_ /3/ OSCV-48000 (Minimum Password Lower-Case Character Count): 0 <= _0_ /0|1/ OSCV-49000 (Minimum Password Special Character Count): 0 <= _0_ /0|1/
The output shows that the minimum password length that rule OSC-46000 can check for is
6
and the maximum is255
. The current value is8
. -
Set the rule to check for a minimum password length of
13
.tailoring:passwdLength13Test> include OSC-46000 tailoring:passwdLength13Test> value OSCV-46000=13 tailoring:passwdLength13Test> commit tailoring:passwdLength13Test> exit $
-
Test the tailoring.
$ compliance assess -t passwdLength13Test Assessment will be named 'passwdLength13Test.2015-10-10,10:10' Title Passwords must be at least 13 characters long Rule OSC-46000 Result pass