You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Per the closure-note for the ash-linux-formula project's plus3it/ash-linux-formula/issues/452, some scanners are using out-of-date hardening-guidance and associated testing. Per updated guidance from Red Hat, RHEL 8.8 (and 9.2) and higher should be configuring the remember (and retry) PAM pwhistory config-option(s) in the /etc/security/pwhistory.conf file instead of the /etc/pam.d/password-auth and/or /etc/pam.d/system-auth files. Changes made to the the /etc/pam.d/password-auth and/or /etc/pam.d/system-auth files is appropriate for RHEL 8.7 and earlier. If a RHEL 8.x is running versions earlier than 8.8, it's behind on system-patches and in violation of scan-goals.
Update Watchmaker FAQs to reflect this.
The text was updated successfully, but these errors were encountered:
Per the closure-note for the ash-linux-formula project's plus3it/ash-linux-formula/issues/452, some scanners are using out-of-date hardening-guidance and associated testing. Per updated guidance from Red Hat, RHEL 8.8 (and 9.2) and higher should be configuring the
remember
(andretry
) PAM pwhistory config-option(s) in the/etc/security/pwhistory.conf
file instead of the/etc/pam.d/password-auth
and/or/etc/pam.d/system-auth
files. Changes made to the the/etc/pam.d/password-auth
and/or/etc/pam.d/system-auth
files is appropriate for RHEL 8.7 and earlier. If a RHEL 8.x is running versions earlier than 8.8, it's behind on system-patches and in violation of scan-goals.Update Watchmaker FAQs to reflect this.
The text was updated successfully, but these errors were encountered: