Linux: Pam_cracklib Parameter
Description
The Linux: Pam_cracklib Parameter test is used to test the value of pam_cracklib parameters by looking at individual blocks of text in configuration and log files, by looking at individual blocks of text.
The textfilecontent54_object element is used by a textfilecontent54_test to define the specific block(s) of text of a file(s) to be evaluated. The textfilecontent54_object will only collect regular files on UNIX systems.
The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
The textfilecontent54_state element contains entities that are used to check the file path and name, as well as the text block in question and the value of the subexpressions.
Technical Details
Artifact Parameters
linux.pam_cracklib_parameter_v1
Name |
Type |
Description |
|---|---|---|
parameter |
string |
The parameter being tested. Cannot be blank. |
Supported Test Types
Existence Test
Equals
Not Equal
Less Than
Less Than Or Equal
Greater Than
Greater Than Or Equal
Pattern Match
Pattern Not Match
Test Type Parameters
existence_test
Name |
Type |
Description |
|---|---|---|
value |
string |
The value to be tested. |
- NOTE: The
valueparameter is governed by a constraint allowing only the following values: all_exist
any_exist
at_least_one_exists
none_satisfy
none_exist
only_one_exists
Name |
Type |
Description |
|---|---|---|
value |
string |
The value to be tested. |
data_type |
string |
The data type of the value. |
- NOTE: The
data_typeparameter is governed by a constraint allowing only the following values: boolean
float
int
string
version
set
Generated Content
existence_test
XCCDF+AE
This is what the AE check looks like, inside a Rule, in the XCCDF.
<xccdf:complex-check operator="AND">
<xccdf:check system="https://benchmarks.cisecurity.org/ae/0.5">
<xccdf:check-content>
<ae:artifact_expression id="xccdf_org.cisecurity.benchmarks_ae_[SECTION-NUMBER]">
<ae:artifact_oval_id>[ARTIFACT-OVAL-ID]</ae:artifact_oval_id>
<ae:title>[ARTIFACT-TITLE]</ae:title>
<ae:artifact type="[ARTIFACT-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="parameter">[parameter.value]</ae:parameter>
</ae:parameters>
</ae:artifact>
<ae:test type="[TEST-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="value">[value.value]</ae:parameter>
</ae:parameters>
</ae:test>
<ae:profiles>
<ae:profile idref="xccdf_org.cisecurity.benchmarks_profile_Level_1" />
</ae:profiles>
</ae:artifact_expression>
</xccdf:check-content>
</xccdf:check>
</xccdf:complex-check>
SCAP
XCCDF
For linux.pam_cracklib_parameter_v1 existence_test artifacts, the XCCDF check looks like this. There is no Value element in the XCCDF for this artifact.
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<check-content-ref
href="[BENCHMARK-TITLE]-oval.xml"
name="oval:org.cisecurity.benchmarks.[PLATFORM]:def:[ARTIFACT-OVAL-ID]" />
</check>
OVAL
Test
<textfilecontent54_test
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]"
check_existence="at_least_one_exists"
check="all"
comment="[ARTIFACT-TITLE]"
version="1">
<object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]" />
</textfilecontent54_test>
Object
<textfilecontent54_object
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]"
comment="[ARTIFACT-TITLE]"
version="1">
<filepath>[filepath.value]<filepath>
<pattern operation="pattern match">[pattern.value]</pattern>
<instance
datatype="int"
operation="equals">
1
</instance>
</textfilecontent54_object>
State
N/A
YAML
artifact-expression:
artifact-unique-id: "[ARTIFACT-OVAL-ID]"
artifact-title: "[ARTIFACT-TITLE]"
artifact:
type: "[ARTIFACT-TYPE-NAME]"
parameters:
- parameter:
name: "parameter"
dt: "string"
value: "[parameter.value]"
test:
type: "[TEST-TYPE-NAME]"
parameters:
- parameter:
name: "value"
dt: "string"
value: "[value.value]"
JSON
{
"artifact-expression": {
"artifact-unique-id": "[ARTIFACT-OVAL-ID]",
"artifact-title": "[ARTIFACT-TITLE]",
"artifact": {
"type": "[ARTIFACT-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "parameter",
"type": "string",
"value": "[parameter.value]"
}
}
]
},
"test": {
"type": "[TEST-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "value",
"dt": "string",
"value": "[value.value]"
}
}
]
}
}
}
Generated Content
XCCDF+AE
This is what the AE check looks like, inside a Rule, in the XCCDF.
<xccdf:complex-check operator="AND">
<xccdf:check system="https://benchmarks.cisecurity.org/ae/0.5">
<xccdf:check-content>
<ae:artifact_expression id="xccdf_org.cisecurity.benchmarks_ae_[SECTION-NUMBER]">
<ae:artifact_oval_id>[ARTIFACT-OVAL-ID]</ae:artifact_oval_id>
<ae:title>[ARTIFACT-TITLE]</ae:title>
<ae:artifact type="[ARTIFACT-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="parameter">[parameter.value]</ae:parameter>
</ae:parameters>
</ae:artifact>
<ae:test type="[TEST-TYPE-NAME]">
<ae:parameters>
<ae:parameter dt="string" name="value">[value.value]</ae:parameter>
<ae:parameter dt="string" name="data_type">[data_type.value]</ae:parameter>
</ae:parameters>
</ae:test>
<ae:profiles>
<ae:profile idref="xccdf_org.cisecurity.benchmarks_profile_Level_1" />
</ae:profiles>
</ae:artifact_expression>
</xccdf:check-content>
</xccdf:check>
</xccdf:complex-check>
SCAP
XCCDF
For linux.pam_cracklib_parameter_v1 equals, not equal, less than, less than or equal, greater than, greater than or equal, pattern match, and pattern not match artifacts, the XCCDF check looks like this. There is no Value element in the XCCDF for this artifact.
<check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<check-content-ref
href="[BENCHMARK-TITLE]-oval.xml"
name="oval:org.cisecurity.benchmarks.[PLATFORM]:def:[ARTIFACT-OVAL-ID]" />
</check>
OVAL
Test
<textfilecontent54_test
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:tst:[ARTIFACT-OVAL-ID]"
check_existence="at_least_one_exists"
check="all"
comment="[ARTIFACT-TITLE]"
version="1">
<object object_ref="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]" />
</textfilecontent54_test>
Object
<textfilecontent54_object
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:obj:[ARTIFACT-OVAL-ID]"
comment="[ARTIFACT-TITLE]"
version="1">
<filepath>[filepath.value]<filepath>
<pattern operation="pattern match">
[pattern.value]
</pattern>
<instance
datatype="int"
operation="equals">
1
</instance>
</textfilecontent54_object>
State
<textfilecontent54_state
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
id="oval:org.cisecurity.benchmarks.[PLATFORM]:ste:[ARTIFACT-OVAL-ID]"
comment="[ARTIFACT-TITLE]"
version="1">
<subexpression
datatype="[datatype.value]"
operation="[operation.value]">
[subexpression.value]
</subexpression>
</textfilecontent54_state>
YAML
artifact-expression:
artifact-unique-id: "[ARTIFACT-OVAL-ID]"
artifact-title: "[ARTIFACT-TITLE]"
artifact:
type: "[ARTIFACT-TYPE-NAME]"
parameters:
- parameter:
name: "parameter"
dt: "string"
value: "[parameter.value]"
test:
type: "[TEST-TYPE-NAME]"
parameters:
- parameter:
name: "value"
dt: "string"
value: "[value.value]"
- parameter:
name: "data_type"
dt: "string"
value: "[data_type.value]"
JSON
{
"artifact-expression": {
"artifact-unique-id": "[ARTIFACT-OVAL-ID]",
"artifact-title": "[ARTIFACT-TITLE]",
"artifact": {
"type": "[ARTIFACT-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "parameter",
"type": "string",
"value": "[parameter.value]"
}
}
]
},
"test": {
"type": "[TEST-TYPE-NAME]",
"parameters": [
{
"parameter": {
"name": "value",
"dt": "string",
"value": "[value.value]"
}
},
{
"parameter": {
"name": "data_type",
"dt": "string",
"value": "[data_type.value]"
}
}
]
}
}
}