updates for V1R19

- removed virus scan requirement
- updated control-alt-delete logging faculty
- updated various rules to also check password-auth in addition to
  system-auth
- improved pam_pwhistory arg placement

Author: jamescassell

defaults/main.yml

@@ -22,18 +22,6 @@ rhel6stig_pam_cracklib_params: try_first_pass retry=3 maxrepeat=3 minlen={{ rhel
 # SELinux settings
 rhel6stig_selinux_pol: targeted
 
-# Only set this to true if you have a valid
-# antivirus solution in your repositories, else it will fail every time.
-rhel6stig_antivirus_required: no
-
-# AV settings
-rhel6stig_av_package:
-    package:
-        - clamav
-        - clamav-scanner
-        - clamav-server
-    service: clamav-daemon
-
 # GPG Key locations
 # These are the standard URL locations for GPG keys for RH and Cent.
 # If running this against offline systems then specify an accessible

files/control-alt-delete.override

@@ -5,4 +5,4 @@
 
 start on control-alt-delete
 
-exec /usr/bin/logger -p security.info "Ctrl-Alt-Delete pressed"
+exec /usr/bin/logger -p authpriv.notice "Ctrl-Alt-Delete pressed"

tasks/cat1.yml

@@ -40,10 +40,13 @@
 
 - name: "HIGH | V-38497 | PATCH | The system must not have accounts configured with blank or null passwords"
   replace:
-      dest: /etc/pam.d/system-auth
+      dest: /etc/pam.d/{{ item }}
       follow: yes
       regexp: '([ \t]+)nullok[ \t]*'
       replace: '\1'
+  with_items:
+      - system-auth
+      - password-auth
   tags:
       - cat1
       - high

tasks/cat2.yml

@@ -1740,17 +1740,34 @@
 # - name: "MEDIUM | V-38652 | AUDIT | Remote file systems must be mounted with the 'nodev' option"
 # - name: "MEDIUM | V-38654 | AUDIT | Remote file systems must be mounted with the nosuid option"
 
-- name: "MEDIUM | V-38658 | PATCH | The system must prohibit the reuse of passwords within five iterations."
-  pamd:
-      name: system-auth
-      new_type: password
-      new_control: requisite
-      new_module_path: pam_pwhistory.so
-      module_arguments: use_authtok remember={{ rhel6stig_pass_reuse }}
-      state: after
-      type: password
-      control: requisite
-      module_path: pam_cracklib.so
+- name: "MEDIUM | V-38658 | The system must prohibit the reuse of passwords within five iterations."
+  block:
+      - name: "MEDIUM | V-38658 | PATCH | The system must prohibit the reuse of passwords within five iterations."
+        pamd:
+            name: "{{ item }}"
+            new_type: password
+            new_control: requisite
+            new_module_path: pam_pwhistory.so
+            module_arguments: use_authtok remember={{ rhel6stig_pass_reuse }}
+            state: after
+            type: password
+            control: requisite
+            module_path: pam_cracklib.so
+        with_items:
+            - system-auth
+            - password-auth
+
+      - name: "MEDIUM | V-38658 | PATCH | The system must prohibit the reuse of passwords within five iterations."
+        pamd:
+            name: "{{ item }}"
+            type: password
+            control: requisite
+            module_path: pam_pwhistory.so
+            module_arguments: remember={{ rhel6stig_pass_reuse }}
+            state: args_present
+        with_items:
+            - system-auth
+            - password-auth
   tags:
       - cat2
       - medium
@@ -1844,26 +1861,6 @@
       - file_perms
       - rpm
 
-- block:
-    - name: MEDIUM | V-38666 | PATCH | The system must use and update a virus scan program"
-      yum:
-          name: "{{ rhel6stig_av_package.package }}"
-          state: present
-
-    - name: MEDIUM | V-38666 | PATCH | The system must use and update a virus scan program"
-      service:
-          name: "{{ rhel6stig_av_package.service }}"
-          state: started
-          enabled: yes
-  when:
-      - rhel6stig_antivirus_required
-  tags:
-      - cat2
-      - medium
-      - patch
-      - V-38666
-      - antivirus
-
 # Not automated
 # - name: "MEDIUM |  V-38667 | Inspect the system to determine if intrusion detection software has been installed."