From 5ac0805abffed2ae9708be3e9cedcc30fc09a975 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Wed, 18 Dec 2024 13:48:02 -0600
Subject: [PATCH 1/2] Use yescript in RHEL 10

---
 controls/srg_gpos/SRG-OS-000073-GPOS-00041.yml | 5 ++---
 controls/srg_gpos/SRG-OS-000120-GPOS-00061.yml | 1 -
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/controls/srg_gpos/SRG-OS-000073-GPOS-00041.yml b/controls/srg_gpos/SRG-OS-000073-GPOS-00041.yml
index 4e5ca1b9545..c11316e4a3c 100644
--- a/controls/srg_gpos/SRG-OS-000073-GPOS-00041.yml
+++ b/controls/srg_gpos/SRG-OS-000073-GPOS-00041.yml
@@ -10,7 +10,6 @@ controls:
             - set_password_hashing_algorithm_logindefs
             - set_password_hashing_algorithm_systemauth
             - set_password_hashing_min_rounds_logindefs
-            - accounts_password_all_shadowed_sha512
-            - var_password_hashing_algorithm_pam=sha512
-            - var_password_pam_unix_rounds=5000
+            - var_password_hashing_algorithm_pam=yescrypt
+            - var_password_pam_unix_rounds=5
         status: automated
diff --git a/controls/srg_gpos/SRG-OS-000120-GPOS-00061.yml b/controls/srg_gpos/SRG-OS-000120-GPOS-00061.yml
index fd962d2a155..ef053224d60 100644
--- a/controls/srg_gpos/SRG-OS-000120-GPOS-00061.yml
+++ b/controls/srg_gpos/SRG-OS-000120-GPOS-00061.yml
@@ -6,7 +6,6 @@ controls:
             federal laws, Executive orders, directives, policies, regulations, standards,
             and guidance for authentication to a cryptographic module.
         rules:
-            - accounts_password_all_shadowed_sha512
             - package_rsyslog-gnutls_installed
             - libreswan_approved_tunnels
             - set_password_hashing_algorithm_passwordauth

From 958743d102f490137ef2a2f5d62b3b31e875a14e Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Thu, 19 Dec 2024 08:51:46 -0600
Subject: [PATCH 2/2] Add 5 to var_password_pam_unix_rounds

---
 .../password_storage/var_password_pam_unix_rounds.var            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
index 5dd4c7d7c19..fc6e7601103 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
@@ -17,3 +17,4 @@ options:
     5000: 5000
     65536: 65536
     11: 11
+    5: 5