config-files/shadow-utils-config.install at 6969881a6069e00b8bfbd65cef7f3ccb0b8742f8 - config-files - OpenDev: Free Software Needs Free Tools

starlingx/config-files

Rodrigo Tavares 6969881a60 Change default passwd age and encryption configs

In order to comply with CIS Benchmark, the password minimum age should
be 1 day, maximum age should be no more than 365 days, inactive password
lock should be less than or equal to 45 days, and password encryption
should be set to SHA512.

This commit adds those requirements to the default user settings.

Test Plan:
PASS: Run build-pkgs -c -p shadow-utils-config.
PASS: Run build-image.
PASS: Run fresh install of AIO-SX with complete bootstrap and unlock of
      the controller-0.
PASS: Run fresh install of AIO-DX with complete bootstrap and unlock of
      controller-0 and controller-1.
PASS: Perform backup and restore and verify that the rules apply.
PASS: Run `chage -l sysadmin` after bootstrap and check if the password
      expires 90 days in the future.

Story: 2011283
Task: 51443

Change-Id: Ic6e2d88d4317a565ea043caaac14e73b723171f3
Signed-off-by: Rodrigo Tavares <Rodrigo.DosSantosTavares@windriver.com>

2025-01-14 18:43:36 +00:00

4 lines

109 B

Plaintext

Raw Blame History

	`clear_shadow_locks.service usr/lib/systemd/system`
	`login.defs usr/share/starlingx`
	`useradd usr/share/starlingx`