simp-useradd fails compliance test

Description

disa_stig-el7 profile resulted in 9 errors:
Control: A separate file system must be used for user home
directories (such as
/home or an equivalent). => { vagrant with mountpoint / is expected not to match /^\/$/ }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-72059.rb
Control: Passwords must be restricted to a 24 hours/1 day minimum
lifetime. => { /etc/shadow with user == "nfsnobody" min_days.first.to_i is expected to cmp >= 1 }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-71927.rb

Control: Passwords must be restricted to a 24 hours/1 day minimum
lifetime. => { /etc/shadow with user == "vagrant" min_days.first.to_i is expected to cmp >= 1 }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-71927.rb
Control: Existing passwords must be restricted to a 60-day maximum
lifetime. => { /etc/shadow with user == "vagrant" max_days.first.to_i is expected to cmp <= 60 }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-71931.rb
Control: The system must not have unnecessary accounts. => { /etc/passwd users is expected to be in "root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", and "systemd-bus-proxy" }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-72001.rb
Control: The system must not have unnecessary accounts. => { /etc/passwd users is expected not to be in "games", "gopher", and "ftp" }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-72001.rb
Control: All network connections associated with a communication
session must
be terminated at the end of the session or after 10 minutes
of inactivity from
the user at a command prompt, except to fulfill documented
and validated
mission requirements. => { Environment variable TMOUT content is expected to be <= 600 }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-72223.rb
Control: The operating system must generate audit records for all
account
creations, modifications, disabling, and termination events
that affect
/etc/gshadow. => { Auditd Rules with file == "/etc/gshadow" permissions is expected not to cmp == [] }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-73167.rb
Control: The operating system must generate audit records for all
account
creations, modifications, disabling, and termination events
that affect
/etc/opasswd. => { Auditd Rules with file == "/etc/security/opasswd" permissions is expected not to cmp == [] }
Status: failed
File: /tmp/inspec/inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline/controls/V-73173.rb

Acceptance Criteria

None

Labels

Epic Link

None

Story Points

None

Components

Sprint

Priority

Medium
Configure