From 654813d8b42cf7871dfb0a9fadd57a6b25085bab Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Sun, 17 May 2020 01:39:21 +0800
Subject: [PATCH] According to the latest STIG, modify minlen to 15.
---
 bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh | 2 +-
 bin/hardening/9.2.1_pam_retry_cracklib.sh | 2 +-
 bin/hardening/9.2.2_pam_minlen_cracklib.sh | 2 +-
 bin/hardening/9.2.3_pam_dcredit_cracklib.sh | 2 +-
 bin/hardening/9.2.4_pam_ucredit_cracklib.sh | 2 +-
 bin/hardening/9.2.5_pam_ocredit_cracklib.sh | 2 +-
 bin/hardening/9.2.6_pam_lcredit_cracklib.sh | 2 +-
 bin/hardening/9.2.7_pam_difok_cracklib.sh | 2 +-
 bin/hardening/9.2.8_pam_minclass_cracklib.sh | 2 +-
 bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh b/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
index dbef38d..35f47f5 100755
--- a/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
+++ b/bin/hardening/9.2.10_pam_maxclassrepeat_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.1_pam_retry_cracklib.sh b/bin/hardening/9.2.1_pam_retry_cracklib.sh
index 6a53697..14fdb94 100755
--- a/bin/hardening/9.2.1_pam_retry_cracklib.sh
+++ b/bin/hardening/9.2.1_pam_retry_cracklib.sh
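Review bot: The fallback line written in the 9.2.10_pam_maxclassrepeat_cracklib.sh hunk sets `minlen=15` but none of `dcredit`, `ucredit`, `lcredit` or `ocredit`, so pam_cracklib's default credit of 1 per character class still applies and a password mixing all four classes can pass while up to four characters shorter than 15. The same default string is added in the other nine hunks of this patch. If a host may end up with only this default line, it should disable the credits as well, for example `password requisite pam_cracklib.so retry=3 minlen=15 difok=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1`; presumably checks 9.2.3 to 9.2.6 set these afterwards, but that ordering is not visible here. apply_debian's body continues outside the hunk.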
@@ -80,7 +80,7 @@ apply () {
 fi
 elif [ $FNRET = 2 ]; then
 crit "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.2_pam_minlen_cracklib.sh b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
index 3f97117..e897977 100755
--- a/bin/hardening/9.2.2_pam_minlen_cracklib.sh
+++ b/bin/hardening/9.2.2_pam_minlen_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=$OPTIONNAME difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.3_pam_dcredit_cracklib.sh b/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
index 4f5368f..fd411fa 100755
--- a/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
+++ b/bin/hardening/9.2.3_pam_dcredit_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 crit "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
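Review bot: In the 9.2.2_pam_minlen_cracklib.sh hunk the new fallback line interpolates `minlen=$OPTIONNAME`, and judging by its name `OPTIONNAME` holds the option's name rather than its required value (the assignment is outside the hunk, so please confirm). If that is the case, the line written to `$FILE` would read `minlen=minlen`, which does not set a numeric minimum and leaves the password policy weaker than the commit intends. Use the variable that carries the required length, or the literal used by the other nine hunks: `"password requisite pam_cracklib.so retry=3 minlen=15 difok=3"`. Because this default string is now maintained by hand in ten scripts, defining it once in a shared helper would keep the files from drifting apart at the next STIG update.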
diff --git a/bin/hardening/9.2.4_pam_ucredit_cracklib.sh b/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
index efc3de8..31f8366 100755
--- a/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
+++ b/bin/hardening/9.2.4_pam_ucredit_cracklib.sh
@@ -85,7 +85,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 crit "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.5_pam_ocredit_cracklib.sh b/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
index 31d0d63..66b7e19 100755
--- a/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
+++ b/bin/hardening/9.2.5_pam_ocredit_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 crit "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.6_pam_lcredit_cracklib.sh b/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
index 7c3078d..44807cf 100755
--- a/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
+++ b/bin/hardening/9.2.6_pam_lcredit_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.7_pam_difok_cracklib.sh b/bin/hardening/9.2.7_pam_difok_cracklib.sh
index 4afcc46..0a6bbd8 100755
--- a/bin/hardening/9.2.7_pam_difok_cracklib.sh
+++ b/bin/hardening/9.2.7_pam_difok_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.8_pam_minclass_cracklib.sh b/bin/hardening/9.2.8_pam_minclass_cracklib.sh
index bd14a07..d626cd0 100755
--- a/bin/hardening/9.2.8_pam_minclass_cracklib.sh
+++ b/bin/hardening/9.2.8_pam_minclass_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then
diff --git a/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh b/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
index 2495379..ebe8291 100755
--- a/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
+++ b/bin/hardening/9.2.9_pam_maxrepeat_cracklib.sh
@@ -84,7 +84,7 @@ apply_debian () {
 apt_install $PACKAGE
 elif [ $FNRET = 2 ]; then
 warn "$PATTERN is not present in $FILE, add default config to $FILE"
- add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=8 difok=3" "# pam-auth-update(8) for details."
+ add_line_file_before_pattern $FILE "password requisite pam_cracklib.so retry=3 minlen=15 difok=3" "# pam-auth-update(8) for details."
 elif [ $FNRET = 3 ]; then
 crit "$FILE is not exist, please check"
 elif [ $FNRET = 4 ]; then