From e112f21a5598432d47f24955c8fac410c135f97c Mon Sep 17 00:00:00 2001
From: Alan Moore <alan.moore@canonical.com>
Date: Thu, 2 Jan 2025 18:31:54 +0000
Subject: [PATCH] Implement rule 5.3.3.4.3 Ensure pam_unix includes a strong
 password hashing algorithm

---
 controls/cis_ubuntu2404.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index 74b56aa1cae..0fcdd4d2c63 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -2048,11 +2048,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
-      - var_password_hashing_algorithm=yescrypt
-      - set_password_hashing_algorithm_logindefs
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/5.4.4.
+    rules:
+      - var_password_hashing_algorithm_pam=yescrypt
+      - set_password_hashing_algorithm_systemauth
+    status: automated
 
   - id: 5.3.3.4.4
     title: Ensure pam_unix includes use_authtok (Automated)