Merge pull request #78 from markdchurchill/password-creation-flex

Support wild configs that are tabbed out
dev-sec · Apr 8, 2020 · 3738fe3 · 3738fe3
2 parents a74b90d + dea4205
commit 3738fe3
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/controls/5_3_configure_pam.rb b/controls/5_3_configure_pam.rb
@@ -29,20 +29,20 @@
     describe.one do
       %w(common-password system-auth).each do |f|
         describe file("/etc/pam.d/#{f}") do
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*try_first_pass/) }
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*retry=[3210]/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*try_first_pass/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*retry=[3210]/) }
         end
       end
     end
 
     describe.one do
       %w(common-password system-auth).each do |f|
         describe file("/etc/pam.d/#{f}") do
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*minlen=(1[4-9]|[2-9][0-9]|[1-9][0-9][0-9]+)/) }
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*dcredit=-[1-9][0-9]*\s*(?:#.*)?/) }
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*lcredit=-[1-9][0-9]*\s*(?:#.*)?/) }
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*ucredit=-[1-9][0-9]*\s*(?:#.*)?/) }
-          its(:content) { should match(/^password required pam_cracklib\.so (\S+\s+)*ocredit=-[1-9][0-9]*\s*(?:#.*)?/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*minlen=(1[4-9]|[2-9][0-9]|[1-9][0-9][0-9]+)/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*dcredit=-[1-9][0-9]*\s*(?:#.*)?/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*lcredit=-[1-9][0-9]*\s*(?:#.*)?/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*ucredit=-[1-9][0-9]*\s*(?:#.*)?/) }
+          its(:content) { should match(/^password\s+required\s+pam_cracklib\.so (\S+\s+)*ocredit=-[1-9][0-9]*\s*(?:#.*)?/) }
         end
       end
     end
@@ -52,8 +52,8 @@
     describe.one do
       %w(common-password system-auth).each do |f|
         describe file("/etc/pam.d/#{f}") do
-          its(:content) { should match(/^password requisite pam_pwquality\.so (\S+\s+)*retry=[3210]/) }
-          its(:content) { should match(/^password requisite pam_pwquality\.so (\S+\s+)*try_first_pass/) }
+          its(:content) { should match(/^password\s+requisite\s+pam_pwquality\.so (\S+\s+)*retry=[3210]/) }
+          its(:content) { should match(/^password\s+requisite\s+pam_pwquality\.so (\S+\s+)*try_first_pass/) }
         end
       end
     end
@@ -92,11 +92,11 @@
   describe.one do
     %w(common-password system-auth).each do |f|
       describe file("/etc/pam.d/#{f}") do
-        its(:content) { should match(/^password (\S+\s+)+pam_unix\.so (\S+\s+)*remember=([56789]|[1-9][0-9]+)/) }
+        its(:content) { should match(/^password\s+(\S+\s+)+pam_unix\.so (\S+\s+)*remember=([56789]|[1-9][0-9]+)/) }
       end
 
       describe file("/etc/pam.d/#{f}") do
-        its(:content) { should match(/^password (\S+\s+)+pam_pwhistory\.so (\S+\s+)*remember=([56789]|[1-9][0-9]+)/) }
+        its(:content) { should match(/^password\s+(\S+\s+)+pam_pwhistory\.so (\S+\s+)*remember=([56789]|[1-9][0-9]+)/) }
       end
     end
   end