e57593dfd4
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter. This patch automates the generation of the STIG control documentation in the following way: * A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages. * ToC pages are now sorted by severity, tag, and implementation status. * A giant listing of controls is easier to navigate now. * Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.) Implements: blueprint security-rhel7-stig Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
686 B
686 B
---id: V-38496 status: exception tag: misc ---
Exception
The Ansible tasks will check for default system accounts (other than root) that are not locked. The tasks won't take any action, however, because any action could cause authorized users to be unable to access the system. However, if any unlocked default system accounts are found, the playbook will fail with an error message until the user accounts are locked.
Deployers who intentionally want to skip this step should use
--skip-tags V-38496 to avoid a playbook failure on this
check.
Deployers are urged to audit the accounts on their systems and lock any users that don't need to log in via consoles or via ssh.