Merge pull request #12752 from alanmcanonical/ubt24_53327

Ubuntu 24.04: Implement 5.3.3.2.7 Ensure password quality checking is enforced

controls/cis_ubuntu2404.yml

@@ -1985,8 +1985,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: planned
-    notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+    rules:
+      - var_password_pam_enforcing=1
+      - accounts_password_pam_enforcing
+    status: automated
 
   - id: 5.3.3.2.8
     title: Ensure password quality is enforced for the root user (Automated)

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml

@@ -42,10 +42,19 @@ ocil: |-
 
 platform: package[pam]
 
+{{% if product == "ubuntu2404" %}}
+template:
+    name: accounts_password
+    vars:
+        variable: enforcing
+        operation: equals
+{{% else %}}
 template:
     name: "lineinfile"
     vars:
         text: "enforcing = 1"
         path: "/etc/security/pwquality.conf"
     oval_extend_definitions:
         - accounts_password_pam_pwquality
+{{% endif %}}
+

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/tests/correct.pass.sh

@@ -1,3 +1,7 @@
 #!/bin/bash
 
+{{% if product == "ubuntu2404" %}}
+{{{ bash_pam_pwquality_enable() }}}
+{{% endif %}}
+
 echo 'enforcing = 1' > /etc/security/pwquality.conf

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_enforcing.var

@@ -0,0 +1,17 @@
+documentation_complete: true
+
+title: enforcing
+
+description: |-
+    Disallow a password that does not meet the criteria
+
+type: number
+
+operator: equals
+
+interactive: false
+
+options:
+    1: 1
+    default: 1
+