I wanted to modify the Fixlet (126579 Ensure password creation requirements are configured CIS Red Hat Enterprise Linux 7 )
to use a minimum length of 12 instead of the default value of 14.
The relevance script does not seem to show any information about how I could replace he minlen from 14 to 12.
We are able to update the action script with the desired value but due to the relevance being incorrect, the machines are still showing non-compliant.
I am not finding “minlen = 12” in Fixlet (126579)
not exists 1 whose ((((((0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex “^\sminlen\s=\s*([1-9][4-9]|[2-9][0-9]|[1-9][0-9]{2,})\s*(\s+#.)?$") of it) of it, "^\sminlen\s*=\s*([1-9][4-9]|[2-9][0-9]|[1-9][0-9]{2,})\s*(\s+#.)?$", 1) of it) of files “/etc/security/pwquality.conf” and 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex "^\spassword\s+(requisite|required)\s+pam_pwquality.so\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s*(\s+\S+\s*)(\s+#.)?$”) of it) of it, “^\spassword\s+(requisite|required)\s+pam_pwquality.so\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s(\s+\S+\s*)(\s+#.)?$”, 1) of it) of files “/etc/pam.d/password-auth”)) and 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex “^\spassword\s+(requisite|required)\s+pam_pwquality.so\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s(\s+\S+\s*)(\s+#.)?$”) of it) of it, “^\spassword\s+(requisite|required)\s+pam_pwquality.so\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s+(\S+\s+)(retry=[1-3]|try_first_pass)\s(\s+\S+\s*)(\s+#.)?$”, 1) of it) of files “/etc/pam.d/system-auth”)) and ((((((((0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex “^\sdcredit\s+=\s±[1-9]\s(\s+#.)?$") of it) of it, "^\sdcredit\s+=\s±[1-9]\s*(\s+#.)?$", 1) of it) of files “/etc/security/pwquality.conf” and 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex "^\sucredit\s+=\s±[1-9]\s*(\s+#.)?$") of it) of it, "^\sucredit\s+=\s±[1-9]\s*(\s+#.)?$", 1) of it) of files “/etc/security/pwquality.conf”)) and 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex "^\socredit\s+=\s±[1-9]\s*(\s+#.)?$") of it) of it, "^\socredit\s+=\s±[1-9]\s*(\s+#.)?$", 1) of it) of files “/etc/security/pwquality.conf”)) and 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex "^\slcredit\s+=\s±[1-9]\s*(\s+#.)?$") of it) of it, "^\slcredit\s+=\s±[1-9]\s*(\s+#.)?$", 1) of it) of files “/etc/security/pwquality.conf”)) or 0 < number of ((it, (if exists it then concatenation “,” of substrings separated by “<!comma>” of it else it) of tuple string items (1 - 1) of concatenation ", " of substrings separated by “<!plural>” of concatenation “<!comma>” of substrings separated by “,” of concatenation “<!plural>” of (if exist matches (regex “<!comma>|<!plural>”) of it then error “Delimiter in string: <!comma>|<!plural>” else it) of lines whose (exist matches (regex "^\sminclass\s+=\s+([1-9][0-9]+|[4-9])\s*(\s+#.)?$") of it) of it, "^\sminclass\s+=\s+([1-9][0-9]+|[4-9])\s*(\s+#.*)?$”, 1) of it) of files “/etc/security/pwquality.conf”))))