From 7d8df8d411ed7b70942bc7ed5f3d6092e8747bfd Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 26 Sep 2024 16:51:15 +0200
Subject: [PATCH 1/2] add value 17 to xccdf variables configuring minimum
 password length

---
 .../password_quality_pwquality/var_password_pam_minlen.var       | 1 +
 .../var_accounts_password_minlen_login_defs.var                  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_minlen.var b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_minlen.var
index 873d907ab92..b0c54bd87d2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_minlen.var
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_minlen.var
@@ -15,6 +15,7 @@ options:
     12: 12
     14: 14
     15: 15
+    17: 17
     18: 18
     20: 20
     6: 6
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/var_accounts_password_minlen_login_defs.var b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/var_accounts_password_minlen_login_defs.var
index 662c53b0767..523dbaf46fa 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/var_accounts_password_minlen_login_defs.var
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/var_accounts_password_minlen_login_defs.var
@@ -13,6 +13,7 @@ options:
     12: 12
     14: 14
     15: 15
+    17: 17
     18: 18
     20: 20
     6: 6

From f68c57c246cf5001aa45deac41c9a1769e0b93ed Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 26 Sep 2024 16:51:41 +0200
Subject: [PATCH 2/2] update password length requirements for ism_o secret and
 top secret levels

---
 controls/ism_o.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/controls/ism_o.yml b/controls/ism_o.yml
index 995e2b3304a..d7ff460aade 100644
--- a/controls/ism_o.yml
+++ b/controls/ism_o.yml
@@ -62,6 +62,7 @@ controls:
             - sshd_max_auth_tries_value=5
             - sssd_enable_smartcards
             - var_password_pam_minlen=14
+            - var_accounts_password_minlen_login_defs=14
             - var_accounts_password_warn_age_login_defs=7
             - var_accounts_minimum_age_login_defs=1
             - var_accounts_maximum_age_login_defs=60
@@ -94,6 +95,8 @@ controls:
             - sshd_disable_kerb_auth
             - sshd_set_max_auth_tries
             - sssd_enable_smartcards
+            - var_password_pam_minlen=20
+            - var_accounts_password_minlen_login_defs=20
         status: automated
     -   id: '0484'
         title: 'SSH daemon configuration'
@@ -607,6 +610,8 @@ use of device access control software or by disabling external communication int
             - sshd_disable_kerb_auth
             - sshd_set_max_auth_tries
             - sssd_enable_smartcards
+            - var_password_pam_minlen=17
+            - var_accounts_password_minlen_login_defs=17
         status: partial
 
     -   id: '1558'