diff --git a/CHANGELOG b/CHANGELOG index c0d454c..454356c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Mon Nov 25 2024 Steven Pritchard - 7.3.1 +- Fix use of legacy facts + * Mon Nov 04 2024 Mike Riddle - 7.3.0 - "root_unlock_time" will no longer be included in faillock.conf if "even_deny_root" is set to false - Added nullok back as a parameter for completeness, however, users are warned not to use it unless diff --git a/SIMP/compliance_profiles/checks.yaml b/SIMP/compliance_profiles/checks.yaml index e64146c..2fb0600 100644 --- a/SIMP/compliance_profiles/checks.yaml +++ b/SIMP/compliance_profiles/checks.yaml @@ -422,7 +422,7 @@ checks: nist_800_53:rev4: - AC-7:b confine: - osfamily: RedHat + os.family: RedHat oval:com.puppet.forge.simp.pam.cracklib_maxrepeat: settings: parameter: pam::cracklib_maxrepeat @@ -439,7 +439,7 @@ checks: - SRG-OS-000072-GPOS-00040 - CCI-000195 confine: - osfamily: RedHat + os.family: RedHat oval:com.puppet.forge.simp.pam.even_deny_root: settings: parameter: pam::even_deny_root @@ -458,8 +458,8 @@ checks: - SRG-OS-000021-GPOS-00005 - CCI-002238 confine: - osfamily: RedHat - operatingsystemmajrelease: '7' + os.family: RedHat + os.release.major: '7' oval:com.puppet.forge.simp.pam.hash_algorithm: settings: parameter: pam::hash_algorithm @@ -476,8 +476,8 @@ checks: - SRG-OS-000073-GPOS-00041 - CCI-000196 confine: - osfamily: RedHat - operatingsystemmajrelease: '7' + os.family: RedHat + os.release.major: '7' oval:com.puppet.forge.simp.pam.unlock_time: settings: parameter: pam::unlock_time @@ -494,8 +494,8 @@ checks: - SRG-OS-000329-GPOS-00128 - CCI-002238 confine: - osfamily: RedHat - operatingsystemmajrelease: '7' + os.family: RedHat + os.release.major: '7' oval-ids: - xccdf_org:ssgproject:content_rule_accounts_passwords_pam_faillock_unlock_time - accounts_passwords_pam_faillock_unlock_time diff --git a/metadata.json b/metadata.json index 043f170..880c947 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-pam", - "version": "7.3.0", + "version": "7.3.1", "author": "SIMP Team", "summary": "A SIMP puppet module for managing pam", "license": "Apache-2.0", diff --git a/spec/acceptance/suites/default/00_default_spec.rb b/spec/acceptance/suites/default/00_default_spec.rb index 3a90583..a5f101f 100644 --- a/spec/acceptance/suites/default/00_default_spec.rb +++ b/spec/acceptance/suites/default/00_default_spec.rb @@ -20,7 +20,7 @@ apply_manifest_on(host, manifest, {:catch_changes => true}) end - os_major = fact_on(host, 'operatingsystemmajrelease') + os_major = fact_on(host, 'os.release.major') # Total hack to support Amazon without a bunch of logic if ['7','2'].include?(os_major)