Improve comments and small updates after review

ComplianceAsCode · Dec 13, 2021 · c79db43 · c79db43
1 parent 713f1b8
commit c79db43
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 36 deletions.
diff --git a/...ts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml b/...ts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml
@@ -34,8 +34,8 @@
         </criteria>
       </criteria>
 
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf always
-           when possible. But due to backwards compatibility, they are also allowed in pam files
+      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
+           possible. But due to backwards compatibility, they are also allowed in pam files
            directly. In case they are defined in both places, pam files have precedence and this
            may confuse the assessment. The following tests ensure only one option is used. Note
            that if faillock.conf is available, authselect tool only manage parameters on it -->
@@ -105,7 +105,7 @@
   <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of system-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
@@ -115,14 +115,14 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of system-auth">
+        comment="No more than one pam_unix.so is expected in auth section of system-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_system_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
   <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of password-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_deny_pam_unix_regex"/>
@@ -131,7 +131,7 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of password-auth">
+        comment="No more than one pam_unix.so is expected in auth section of password-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_password_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
@@ -145,7 +145,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_auth"
         comment="One and only one occurrence is expected in auth section of system-auth">
     <ind:object
@@ -161,7 +161,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_system_pam_faillock_account"
         comment="One and only one occurrence is expected in auth section of system-auth">
     <ind:object
@@ -178,7 +178,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_auth"
         comment="One and only one occurrence is expected in auth section of password-auth">
     <ind:object
@@ -194,7 +194,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_password_pam_faillock_account"
         comment="One and only one occurrence is expected in auth section of password-auth">
     <ind:object

diff --git a/...m/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/oval/shared.xml b/...m/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/oval/shared.xml
@@ -37,8 +37,8 @@
         </criteria>
       </criteria>
 
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf always
-           when possible. But due to backwards compatibility, they are also allowed in pam files
+      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
+           possible. But due to backwards compatibility, they are also allowed in pam files
            directly. In case they are defined in both places, pam files have precedence and this
            may confuse the assessment. The following tests ensure only one option is used. Note
            that if faillock.conf is available, authselect tool only manage parameters on it -->
@@ -109,7 +109,7 @@
   <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_deny_root_system_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of system-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_deny_root_pam_unix_regex"/>
@@ -119,14 +119,14 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_deny_root_system_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of system-auth">
+        comment="No more than one pam_unix.so is expected in auth section of system-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_root_system_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
   <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_deny_root_password_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of password-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_deny_root_pam_unix_regex"/>
@@ -135,7 +135,7 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_deny_root_password_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of password-auth">
+        comment="No more than one pam_unix.so is expected in auth section of password-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_root_password_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
@@ -149,7 +149,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_root_system_pam_faillock_auth"
         comment="One and only one pattern occurrence is expected in auth section of system-auth">
     <ind:object
@@ -165,7 +165,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
       id="test_accounts_passwords_pam_faillock_deny_root_system_pam_faillock_account"
       comment="One and only one pattern occurrence is expected in account section of system-auth">
     <ind:object
@@ -182,7 +182,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_root_password_pam_faillock_auth"
         comment="One and only one pattern occurrence is expected in auth section of system-auth">
     <ind:object
@@ -198,7 +198,7 @@
     <ind:instance datatype="int" operation="equals">1</ind:instance>
   </ind:textfilecontent54_object>
 
-  <ind:textfilecontent54_test check="all" check_existence="all_exist" version="1"
+  <ind:textfilecontent54_test check="all" check_existence="only_one_exists" version="1"
         id="test_accounts_passwords_pam_faillock_deny_root_password_pam_faillock_account"
     comment="One and only one pattern occurrence is expected in account section of password-auth">
     <ind:object

diff --git a/...cking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/oval/shared.xml b/...cking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/oval/shared.xml
@@ -72,7 +72,7 @@
   <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_enforce_local_system_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of system-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_enforce_local_pam_unix_regex"/>
@@ -82,14 +82,14 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_enforce_local_system_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of system-auth">
+        comment="No more than one pam_unix.so is expected in auth section of system-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_enforce_local_system_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
   <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_enforce_local_password_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of password-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_enforce_local_pam_unix_regex"/>
@@ -98,7 +98,7 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_enforce_local_password_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of password-auth">
+        comment="No more than one pam_unix.so is expected in auth section of password-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_enforce_local_password_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 

diff --git a/...am/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/shared.xml b/...am/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/shared.xml
@@ -34,8 +34,8 @@
         </criteria>
       </criteria>
 
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf always
-           when possible. But due to backwards compatibility, they are also allowed in pam files
+      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
+           possible. But due to backwards compatibility, they are also allowed in pam files
            directly. In case they are defined in both places, pam files have precedence and this
            may confuse the assessment. The following tests ensure only one option is used. Note
            that if faillock.conf is available, authselect tool only manage parameters on this file
@@ -107,7 +107,7 @@
   <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_interval_system_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of system-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_interval_pam_unix_regex"/>
@@ -117,14 +117,14 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_interval_system_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of system-auth">
+        comment="No more than one pam_unix.so is expected in auth section of system-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_interval_system_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
   <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_interval_password_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of password-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_interval_pam_unix_regex"/>
@@ -133,7 +133,7 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_interval_password_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of password-auth">
+        comment="No more than one pam_unix.so is expected in auth section of password-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_interval_password_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 

diff --git a/...locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/shared.xml b/...locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/shared.xml
@@ -34,8 +34,8 @@
         </criteria>
       </criteria>
 
-      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf always
-           when possible. But due to backwards compatibility, they are also allowed in pam files
+      <!-- pam_faillock.so parameters should be defined in /etc/security/faillock.conf whenever
+           possible. But due to backwards compatibility, they are also allowed in pam files
            directly. In case they are defined in both places, pam files have precedence and this
            may confuse the assessment. The following tests ensure only one option is used. Note
            that if faillock.conf is available, authselect tool only manage parameters on this file
@@ -107,7 +107,7 @@
   <!-- Check occurrences of pam_unix.so in auth section of system-auth file -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_unlock_time_system_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of system-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of system-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/system-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_unlock_time_pam_unix_regex"/>
@@ -117,14 +117,14 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_unlock_time_system_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of system-auth">
+        comment="No more than one pam_unix.so is expected in auth section of system-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_unlock_time_system_pam_unix_auth"/>
   </ind:textfilecontent54_test>
 
   <!-- Check occurrences of pam_unix.so in auth section in password-auth -->
   <ind:textfilecontent54_object version="1"
         id="object_accounts_passwords_pam_faillock_unlock_time_password_pam_unix_auth"
-        comment="Get all occcurencies of pam_unix.so in auth section of password-auth">
+        comment="Get the second and subsequent occurrences of pam_unix.so in auth section of password-auth">
     <ind:filepath operation="pattern match">^/etc/pam.d/password-auth$</ind:filepath>
     <ind:pattern operation="pattern match"
                  var_ref="var_accounts_passwords_pam_faillock_unlock_time_pam_unix_regex"/>
@@ -133,7 +133,7 @@
 
   <ind:textfilecontent54_test check="all" check_existence="none_exist" version="1"
         id="test_accounts_passwords_pam_faillock_unlock_time_password_pam_unix_auth"
-        comment="Only one occurrence of pam_unix.so is expected in auth section of password-auth">
+        comment="No more than one pam_unix.so is expected in auth section of password-auth">
     <ind:object object_ref="object_accounts_passwords_pam_faillock_unlock_time_password_pam_unix_auth"/>
   </ind:textfilecontent54_test>