e57593dfd4
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter. This patch automates the generation of the STIG control documentation in the following way: * A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages. * ToC pages are now sorted by severity, tag, and implementation status. * A giant listing of controls is easier to navigate now. * Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.) Implements: blueprint security-rhel7-stig Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
20 lines
686 B
ReStructuredText
20 lines
686 B
ReStructuredText
---
|
|
id: V-38496
|
|
status: exception
|
|
tag: misc
|
|
---
|
|
|
|
**Exception**
|
|
|
|
The Ansible tasks will check for default system accounts (other than root)
|
|
that are not locked. The tasks won't take any action, however, because
|
|
any action could cause authorized users to be unable to access the system.
|
|
However, if any unlocked default system accounts are found, the playbook will
|
|
fail with an error message until the user accounts are locked.
|
|
|
|
Deployers who intentionally want to skip this step should use
|
|
``--skip-tags V-38496`` to avoid a playbook failure on this check.
|
|
|
|
Deployers are urged to audit the accounts on their systems and lock any users
|
|
that don't need to log in via consoles or via ssh.
|