OpenSCAP fails to audit /etc/pam.d/system-auth and /etc/pam.d/password-auth
Issue
- On a RHEL 7.2 server installed latest
scap-security-guide
, tailored the profile and run some scans. We see six failed scans with regard topam_pwquality
module. Checking older SCAP scans, I see that the file/etc/security/pwquality.conf
was never audited before, but instead/etc/pam.d/system-auth
. Our password settings are enforced because of the applied settings in/etc/pam.d/system-auth
. Do we have to apply the settings from/etc/security/pwquality.conf
, to have positive SCAP results?
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.