From 40e4f147cab59f63d5d489482b820de8cc783f36 Mon Sep 17 00:00:00 2001 From: Bob Gendler Date: Wed, 30 Aug 2023 12:22:24 -0400 Subject: [PATCH] Added ODV in more places --- .../pwpolicy_lower_upper_case_character_enforce.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/pwpolicy/pwpolicy_lower_upper_case_character_enforce.yaml b/rules/pwpolicy/pwpolicy_lower_upper_case_character_enforce.yaml index adae3bd2..76e1e37c 100644 --- a/rules/pwpolicy/pwpolicy_lower_upper_case_character_enforce.yaml +++ b/rules/pwpolicy/pwpolicy_lower_upper_case_character_enforce.yaml @@ -1,7 +1,7 @@ id: pwpolicy_lower_upper_case_character_enforce -title: "Require Passwords Contain a Minimum of One Lowercase Character and One Uppercase Character" +title: "Require Passwords Contain a Minimum of $ODV Lowercase Character and $ODV Uppercase Character" discussion: | - The macOS _MUST_ be configured to require at least one lower-case character and one upper-case character be used when a password is created. + The macOS _MUST_ be configured to require at least $ODV lower-case character and $ODV upper-case character be used when a password is created. This rule enforces password complexity by requiring users to set passwords that are less vulnerable to malicious users. @@ -9,7 +9,7 @@ discussion: | NOTE: The configuration profile generated must be installed from an MDM server. check: | - /usr/bin/pwpolicy -getaccountpolicies 2> /dev/null | /usr/bin/tail +2 | /usr/bin/xmllint --xpath 'boolean(//*[contains(text(),"policyAttributePassword matches '\''.*[A-Z]{1,}[a-z]{1,}.*'\''")])' - + /usr/bin/pwpolicy -getaccountpolicies 2> /dev/null | /usr/bin/tail +2 | /usr/bin/xmllint --xpath 'boolean(//*[contains(text(),"policyAttributePassword matches '\''.*[A-Z]{$ODV,}[a-z]{$ODV,}.*'\''")])' - result: string: "true" fix: |
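Review bot: The new title and discussion sentence become ungrammatical for any $ODV other than 1, for example "a Minimum of 2 Lowercase Character". I would pluralise both, e.g. `title: "Require Passwords Contain a Minimum of $ODV Lowercase Character(s) and $ODV Uppercase Character(s)"`, and use "lower-case character(s)" and "upper-case character(s)" in the discussion line. One $ODV now drives both counts, so the discussion should say the two minimums cannot be set independently. Whether the rule declares an `odv:` block with a recommended value is not visible in this patch, so confirm the placeholder always resolves to a number.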
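Review bot: In the check hunk, `[A-Z]{$ODV,}[a-z]{$ODV,}` does not mean "at least $ODV of each": it requires $ODV consecutive upper-case letters immediately followed by $ODV consecutive lower-case letters. That ordering constraint already existed with `{1,}`, but for larger values a password with enough mixed-case letters spread through it would not match the pattern, so the policy is narrower than the title states. The check is also a literal `contains()` on the policy text, so it returns true only when the installed policy carries exactly the same number. The `fix:` body lies outside the hunk and the diffstat shows only three changed lines; if the policy content there still hard-codes `{1,}`, check and fix will disagree for any other value. Consider an order-independent pattern such as `(?=(.*[A-Z]){$ODV,})(?=(.*[a-z]){$ODV,}).*` in both check and fix, after confirming that the regex engine behind pwpolicy accepts lookaheads.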