Implement rule 5.3.3.2.4 Ensure password same consecutive characters …

…is configured
ComplianceAsCode · Dec 19, 2024 · 952a287 · 952a287
1 parent 7708eb8
commit 952a287
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -1880,8 +1880,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - var_password_pam_maxrepeat=3
+      - accounts_password_pam_maxrepeat
+    status: automated
 
   - id: 5.3.3.1.1
     title: Ensure password failed attempts lockout is configured (Automated)

diff --git a/...-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/...-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
@@ -58,6 +58,9 @@ template:
     vars:
         variable: maxrepeat
         operation: less than or equal
+{{%- if product == "ubuntu2404" %}}
+        zero_comparison_operation: greater than
+{{%- endif %}}
 
 fixtext: |-
     Configure {{{ full_name }}} to require the change of the number of repeating consecutive characters when passwords are changed by setting the "maxrepeat" option.