Merge pull request #12891 from Mab879/fix_12874

RHEL now checks no other users have primary group ID 0
ComplianceAsCode · Jan 24, 2025 · fec1590 · fec1590
2 parents 6c731c2 + 68d4c9e
commit fec1590
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.../system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml b/.../system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml
@@ -3,7 +3,7 @@
     {{{ oval_metadata("The root account should have primary group of 0") }}}
     <criteria operator="AND">
       <criterion comment="tests that the root account's gid is equal to 0" test_ref="test_{{{rule_id}}}" />
-      {{% if 'ubuntu' in product %}}
+      {{% if 'ubuntu' in product or 'rhel' in product %}}
       <criterion comment="no other users have primary group ID 0" test_ref="test_{{{rule_id}}}_no_other_gid_0" />
       {{% endif %}}
     </criteria>
@@ -24,7 +24,7 @@
     <ind:subexpression operation="equals" datatype="int">0</ind:subexpression>
   </ind:textfilecontent54_state>
 
-  {{% if 'ubuntu' in product %}}
+  {{% if 'ubuntu' in product or 'rhel' in product %}}
   <!-- Test for other users with GID 0 (excluding sync, shutdown, halt, operator) -->
   <ind:textfilecontent54_test id="test_{{{rule_id}}}_no_other_gid_0" check="all" check_existence="none_exist" comment="test that there are no other accounts with GID 0 except root" version="1">
     <ind:object object_ref="object_{{{rule_id}}}_no_other_gid_0" />

diff --git a/...s/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh b/...s/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-
+# platform = multi_platform_rhel,multi_platform_ubuntu
 # Remediation doesn't fix the rule, only locks passwords
 # of non-root accounts with uid 0.
 # remediation = none