This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

updating check and fix text to use new format. (#107)
djhaynes authored and aaronlippold committed Oct 8, 2019
1 parent afd4ce4 commit 52fd7c3
Showing 243 changed files with 613 additions and 595 deletions.
4 changes: 2 additions & 2 deletions controls/V-71849.rb
Expand Up @@ -28,7 +28,7 @@
tag "documentable": false
tag "nist": ["AU-9", "AU-9 (3)", "Rev_4"]
tag "subsystems": [ "permissions", "package", "rpm" ]
tag "check": "Verify the file permissions, ownership, and group membership of
desc "check", "Verify the file permissions, ownership, and group membership of
system files and commands match the vendor values.
Check the file permissions, ownership, and group membership of system files and
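Review bot: the switch from `tag "check": "...` to `desc "check", "...` at the changed line of this hunk is not accompanied by any statement of the minimum tool version that accepts the two-argument `desc` form. Suggest recording that requirement in the profile metadata or README in the same commit, because the identical substitution is applied to every one of the 243 changed files and an older runner would fail on all of them at once.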
Expand All @@ -39,7 +39,7 @@
If there is any output from the command indicating that the ownership or group
of a system file or command, or a system file, has permissions less restrictive
than the default, this is a finding."
tag "fix": "Run the following command to determine which package owns the
desc "fix", "Run the following command to determine which package owns the
file:
# rpm -qf <filename>
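Review bot: the finding sentence kept as context at the top of this hunk, "the ownership or group of a system file or command, or a system file, has permissions less restrictive than the default", repeats "a system file" and never states what is wrong with the ownership or group. Since the commit rewrites the check text declaration anyway, suggest correcting the sentence against the source guidance so the finding condition is unambiguous.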
4 changes: 2 additions & 2 deletions controls/V-71855.rb
Expand Up @@ -33,7 +33,7 @@
tag "documentable": false
tag "nist": ["SA-7", "Rev_4"]
tag "subsystems": ['rpm', 'package']
tag "check": "Verify the cryptographic hash of system files and commands
desc "check", "Verify the cryptographic hash of system files and commands
match the vendor values.
Check the cryptographic hash of system files and commands with the following
Expand All @@ -46,7 +46,7 @@
# rpm -Va | grep '^..5'
If there is any output from the command for system binaries, this is a finding."
tag "fix": "Run the following command to determine which package owns the
desc "fix", "Run the following command to determine which package owns the
file:
# rpm -qf <filename>
4 changes: 2 additions & 2 deletions controls/V-71859.rb
Expand Up @@ -74,7 +74,7 @@
tag "documentable": false
tag "nist": ["AC-8 a", "Rev_4"]
tag "subsystem": [ "gdm" ]
tag "check": "Verify the operating system displays the Standard Mandatory DoD
desc "check", "Verify the operating system displays the Standard Mandatory DoD
Notice and Consent Banner before granting access to the operating system via a
graphical user logon.
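Review bot: the context line `tag "subsystem": [ "gdm" ]` just above the changed line uses the singular key, while the other controls in this commit, including the neighbouring GDM banner control V-71861, use `tag "subsystems"`. Any tooling that filters on "subsystems" will miss this control; suggest renaming the key here while the file is being touched.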
Expand All @@ -89,7 +89,7 @@
If \"banner-message-enable\" is set to \"false\" or is missing, this is a
finding."
tag "fix": "Configure the operating system to display the Standard Mandatory
desc "fix", "Configure the operating system to display the Standard Mandatory
DoD Notice and Consent Banner before granting access to the system.
Note: If the system does not have GNOME installed, this requirement is Not
4 changes: 2 additions & 2 deletions controls/V-71861.rb
Expand Up @@ -89,7 +89,7 @@
tag "documentable": false
tag "nist": ["AC-8 a", "Rev_4"]
tag "subsystems": [ "gdm" ]
tag "check": "Verify the operating system displays the approved Standard
desc "check", "Verify the operating system displays the approved Standard
Mandatory DoD Notice and Consent Banner before granting access to the operating
system via a graphical user logon.
Expand Down Expand Up @@ -127,7 +127,7 @@
If the banner does not match the approved Standard Mandatory DoD Notice and
Consent Banner, this is a finding."
tag "fix": "Configure the operating system to display the approved Standard
desc "fix", "Configure the operating system to display the approved Standard
Mandatory DoD Notice and Consent Banner before granting access to the system.
Note: If the system does not have GNOME installed, this requirement is Not
4 changes: 2 additions & 2 deletions controls/V-71863.rb
Expand Up @@ -86,7 +86,7 @@
tag "documentable": false
tag "nist": ["AC-8 a", "Rev_4"]
tag "subsystems": [ "banner", "/etc/issue" ]
tag "check": "Verify the operating system displays the Standard Mandatory DoD
desc "check", "Verify the operating system displays the Standard Mandatory DoD
Notice and Consent Banner before granting access to the operating system via a
command line user logon.
Expand Down Expand Up @@ -129,7 +129,7 @@
If the text in the \"/etc/issue\" file does not match the Standard Mandatory
DoD Notice and Consent Banner, this is a finding."
tag "fix": "Configure the operating system to display the Standard Mandatory
desc "fix", "Configure the operating system to display the Standard Mandatory
DoD Notice and Consent Banner before granting access to the system via the
command line by editing the \"/etc/issue\" file.
4 changes: 2 additions & 2 deletions controls/V-71891.rb
Expand Up @@ -30,7 +30,7 @@
tag "documentable": false
tag "nist": ["AC-11 b", "Rev_4"]
tag "subsystems": [ "session", "lock", "gnome", "screensaver" ]
tag "check": "Verify the operating system enables a user's session lock until
desc "check", "Verify the operating system enables a user's session lock until
that user re-establishes access using established identification and
authentication procedures. The screen program must be installed to lock
sessions on the console.
Expand All @@ -45,7 +45,7 @@
If the \"lock-enabled\" setting is missing or is not set to \"true\", this is a
finding."
tag "fix": "Configure the operating system to enable a user's session lock
desc "fix", "Configure the operating system to enable a user's session lock
until that user re-establishes access using established identification and
authentication procedures.
4 changes: 2 additions & 2 deletions controls/V-71893.rb
Expand Up @@ -27,7 +27,7 @@
tag "documentable": false
tag "nist": ["AC-11 a", "Rev_4"]
tag "subsystems": [ "gnome", "screensaver", "session", "lock" ]
tag "check": "Verify the operating system initiates a screensaver after a
desc "check", "Verify the operating system initiates a screensaver after a
15-minute period of inactivity for graphical user interfaces. The screen
program must be installed to lock sessions on the console.
Expand All @@ -42,7 +42,7 @@
If the \"idle-delay\" setting is missing or is not set to \"900\" or less, this
is a finding."
tag "fix": "Configure the operating system to initiate a screensaver after a
desc "fix", "Configure the operating system to initiate a screensaver after a
15-minute period of inactivity for graphical user interfaces.
Create a database to contain the system-wide screensaver settings (if it does
4 changes: 2 additions & 2 deletions controls/V-71895.rb
Expand Up @@ -43,7 +43,7 @@
tag "cci": "CCI-000057"
tag "nist": ["AC-11 a", "Rev_4"]
tag "subsystems": ["gnome3"]
tag "check": "Verify the operating system prevents a user from overriding session
desc "check", "Verify the operating system prevents a user from overriding session
lock after a 15-minute period of inactivity for graphical user interfaces. The
screen program must be installed to lock sessions on the console.
Expand All @@ -66,7 +66,7 @@
/org/gnome/desktop/screensaver/idle-delay
If the command does not return a result, this is a finding."
tag "fix": "Configure the operating system to prevent a user from overriding a
desc "fix", "Configure the operating system to prevent a user from overriding a
session lock after a 15-minute period of inactivity for graphical user interfaces.
Create a database to contain the system-wide screensaver settings (if it does not
4 changes: 2 additions & 2 deletions controls/V-71897.rb
Expand Up @@ -22,15 +22,15 @@
tag "documentable": false
tag "nist": ["AC-11 a", "Rev_4"]
tag "subsystems": ["screen", "lock", "session"]
tag "check": "Verify the operating system has the screen package installed.
desc "check", "Verify the operating system has the screen package installed.
Check to see if the screen package is installed with the following command:
# yum list installed | grep screen
screen-4.3.1-3-x86_64.rpm
If is not installed, this is a finding."
tag "fix": "Install the screen package to allow the initiation a session lock
desc "fix", "Install the screen package to allow the initiation a session lock
after a 15-minute period of inactivity for graphical users interfaces.
Install the screen program (if it is not on the system) with the following
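Review bot: the check and fix strings in this hunk carry over wording errors that make the finding condition harder to read: "If is not installed, this is a finding." has no subject, and the fix text reads "allow the initiation a session lock" and "graphical users interfaces". Suggest fixing these in the new `desc` strings ("If the screen package is not installed", "initiation of a session lock", "graphical user interfaces") rather than copying them forward into the new format.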
4 changes: 2 additions & 2 deletions controls/V-71899.rb
Expand Up @@ -27,7 +27,7 @@
tag "documentable": false
tag "nist": ["AC-11 a", "Rev_4"]
tag "subsystems": ["gnome3", "session", "lock"]
tag "check": "Verify the operating system initiates a session lock after a
desc "check", "Verify the operating system initiates a session lock after a
15-minute period of inactivity for graphical user interfaces. The screen
program must be installed to lock sessions on the console.
Expand All @@ -40,7 +40,7 @@
idle-activation-enabled=true
If \"idle-activation-enabled\" is not set to \"true\", this is a finding."
tag "fix": "Configure the operating system to initiate a session lock after a
desc "fix", "Configure the operating system to initiate a session lock after a
15-minute period of inactivity for graphical user interfaces.
Create a database to contain the system-wide screensaver settings (if it does
4 changes: 2 additions & 2 deletions controls/V-71901.rb
Expand Up @@ -33,7 +33,7 @@
tag "documentable": false
tag "nist": ["AC-11 a", "Rev_4"]
tag "subsystems": ["gnome3", "screensaver", "lock", "session"]
tag "check": "Verify the operating system initiates a session lock a for
desc "check", "Verify the operating system initiates a session lock a for
graphical user interfaces when the screensaver is activated.
Note: If the system does not have GNOME installed, this requirement is Not
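Review bot: the new `desc "check"` line keeps the stray article in "initiates a session lock a for graphical user interfaces". Suggest dropping the extra "a" so the check text matches the fix text in the same file, which reads "initiate a session lock for graphical user interfaces".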
Expand All @@ -48,7 +48,7 @@
If the \"lock-delay\" setting is missing, or is not set to \"5\" or less, this is
a finding."
tag "fix": "Configure the operating system to initiate a session lock for
desc "fix", "Configure the operating system to initiate a session lock for
graphical user interfaces when a screensaver is activated.
Create a database to contain the system-wide screensaver settings (if it does
4 changes: 2 additions & 2 deletions controls/V-71903.rb
Expand Up @@ -23,7 +23,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (a)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "Note: The value to require a number of upper-case characters to
desc "check", "Note: The value to require a number of upper-case characters to
be set is expressed as a negative number in \"/etc/security/pwquality.conf\".
Check the value for \"ucredit\" in \"/etc/security/pwquality.conf\" with the
Expand All @@ -33,7 +33,7 @@
ucredit = -1
If the value of \"ucredit\" is not set to a negative value, this is a finding."
tag "fix": "Configure the operating system to enforce password complexity by
desc "fix", "Configure the operating system to enforce password complexity by
requiring that at least one upper-case character be used by setting the
\"ucredit\" option.
4 changes: 2 additions & 2 deletions controls/V-71905.rb
Expand Up @@ -23,7 +23,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (a)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "Note: The value to require a number of lower-case characters to
desc "check", "Note: The value to require a number of lower-case characters to
be set is expressed as a negative number in \"/etc/security/pwquality.conf\".
Check the value for \"lcredit\" in \"/etc/security/pwquality.conf\" with the
Expand All @@ -33,7 +33,7 @@
lcredit = -1
If the value of \"lcredit\" is not set to a negative value, this is a finding."
tag "fix": "Configure the operating system to lock an account for the maximum
desc "fix", "Configure the operating system to lock an account for the maximum
period when three unsuccessful logon attempts in 15 minutes are made.
Modify the first three lines of the \"auth\" section of the
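Review bot: the fix text on the changed line does not belong to this control. The check in this file is about "lcredit" in "/etc/security/pwquality.conf", but the fix describes locking an account after "three unsuccessful logon attempts in 15 minutes" and editing the "auth" section. Suggest replacing it with the lcredit remediation, following the pattern of the ucredit and dcredit controls in this commit, so an operator remediating this finding is not pointed at account-lockout settings.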
4 changes: 2 additions & 2 deletions controls/V-71907.rb
Expand Up @@ -23,7 +23,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (a)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "Note: The value to require a number of numeric characters to be
desc "check", "Note: The value to require a number of numeric characters to be
set is expressed as a negative number in \"/etc/security/pwquality.conf\".
Check the value for \"dcredit\" in \"/etc/security/pwquality.conf\" with the
Expand All @@ -33,7 +33,7 @@
dcredit = -1
If the value of \"dcredit\" is not set to a negative value, this is a finding."
tag "fix": "Configure the operating system to enforce password complexity by
desc "fix", "Configure the operating system to enforce password complexity by
requiring that at least one numeric character be used by setting the
\"dcredit\" option.
4 changes: 2 additions & 2 deletions controls/V-71909.rb
Expand Up @@ -23,7 +23,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (a)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "Verify the operating system enforces password complexity by
desc "check", "Verify the operating system enforces password complexity by
requiring that at least one special character be used.
Note: The value to require a number of special characters to be set is
Expand All @@ -36,7 +36,7 @@
ocredit=-1
If the value of \"ocredit\" is not set to a negative value, this is a finding."
tag "fix": "Configure the operating system to enforce password complexity by
desc "fix", "Configure the operating system to enforce password complexity by
requiring that at least one special character be used by setting the
\"dcredit\" option.
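Review bot: the fix text ends with the wrong option name. The check in this hunk tests "ocredit" and the fix is about requiring a special character, yet it tells the reader to set the "dcredit" option, which the V-71907 control in this commit uses for numeric characters. Suggest changing it to "ocredit" so the remediation actually satisfies the check.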
4 changes: 2 additions & 2 deletions controls/V-71911.rb
Expand Up @@ -28,7 +28,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (b)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "The \"difok\" option sets the number of characters in a
desc "check", "The \"difok\" option sets the number of characters in a
password that must not be present in the old password.
Check for the value of the \"difok\" option in \"/etc/security/pwquality.conf\"
Expand All @@ -38,7 +38,7 @@
difok = 8
If the value of \"difok\" is set to less than \"8\", this is a finding."
tag "fix": "Configure the operating system to require the change of at least
desc "fix", "Configure the operating system to require the change of at least
eight of the total number of characters when passwords are changed by setting
the \"difok\" option.
4 changes: 2 additions & 2 deletions controls/V-71913.rb
Expand Up @@ -26,7 +26,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (b)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "The \"minclass\" option sets the minimum number of required
desc "check", "The \"minclass\" option sets the minimum number of required
classes of characters for the new password (digits, upper-case, lower-case,
others).
Expand All @@ -37,7 +37,7 @@
minclass = 4
If the value of \"minclass\" is set to less than \"4\", this is a finding."
tag "fix": "Configure the operating system to require the change of at least
desc "fix", "Configure the operating system to require the change of at least
four character classes when passwords are changed by setting the \"minclass\"
option.
4 changes: 2 additions & 2 deletions controls/V-71915.rb
Expand Up @@ -26,7 +26,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (b)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "The \"maxrepeat\" option sets the maximum number of allowed
desc "check", "The \"maxrepeat\" option sets the maximum number of allowed
same consecutive characters in a new password.
Check for the value of the \"maxrepeat\" option in
Expand All @@ -36,7 +36,7 @@
maxrepeat = 3
If the value of \"maxrepeat\" is set to more than \"3\", this is a finding."
tag "fix": "Configure the operating system to require the change of the
desc "fix", "Configure the operating system to require the change of the
number of repeating consecutive characters when passwords are changed by
setting the \"maxrepeat\" option.
4 changes: 2 additions & 2 deletions controls/V-71917.rb
Expand Up @@ -26,7 +26,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (b)", "Rev_4"]
tag "subsystems": ['pam', 'pwquality', 'password']
tag "check": "The \"maxclassrepeat\" option sets the maximum number of
desc "check", "The \"maxclassrepeat\" option sets the maximum number of
allowed same consecutive characters in the same class in the new password.
Check for the value of the \"maxclassrepeat\" option in
Expand All @@ -37,7 +37,7 @@
If the value of \"maxclassrepeat\" is set to more than \"4\", this is a
finding."
tag "fix": "Configure the operating system to require the change of the
desc "fix", "Configure the operating system to require the change of the
number of repeating characters of the same character class when passwords are
changed by setting the \"maxclassrepeat\" option.
4 changes: 2 additions & 2 deletions controls/V-71919.rb
Expand Up @@ -20,7 +20,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (c)", "Rev_4"]
tag "subsystems": ['pam', 'password']
tag "check": "Verify the PAM system service is configured to store only
desc "check", "Verify the PAM system service is configured to store only
encrypted representations of passwords. The strength of encryption that must be
used to hash passwords for all accounts is SHA512.
Expand All @@ -32,7 +32,7 @@
If the \"/etc/pam.d/system-auth-ac\" configuration files allow for password
hashes other than SHA512 to be used, this is a finding."
tag "fix": "Configure the operating system to store only SHA512 encrypted
desc "fix", "Configure the operating system to store only SHA512 encrypted
representations of passwords.
Add the following line in \"/etc/pam.d/system-auth-ac\":
4 changes: 2 additions & 2 deletions controls/V-71921.rb
Expand Up @@ -20,7 +20,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (c)", "Rev_4"]
tag "subsystems": ['login_defs', 'password']
tag "check": "Verify the system's shadow file is configured to store only
desc "check", "Verify the system's shadow file is configured to store only
encrypted representations of passwords. The strength of encryption that must be
used to hash passwords for all accounts is SHA512.
Expand All @@ -32,7 +32,7 @@
If the \"/etc/login.defs\" configuration file does not exist or allows for
password hashes other than SHA512 to be used, this is a finding."
tag "fix": "Configure the operating system to store only SHA512 encrypted
desc "fix", "Configure the operating system to store only SHA512 encrypted
representations of passwords.
Add or update the following line in \"/etc/login.defs\":
4 changes: 2 additions & 2 deletions controls/V-71923.rb
Expand Up @@ -20,7 +20,7 @@
tag "documentable": false
tag "nist": ["IA-5 (1) (c)", "Rev_4"]
tag "subsystems": ['libuser_conf', 'password']
tag "check": "Verify the user and group account administration utilities are
desc "check", "Verify the user and group account administration utilities are
configured to store only encrypted representations of passwords. The strength
of encryption that must be used to hash passwords for all accounts is
\"SHA512\".
Expand All @@ -34,7 +34,7 @@
If the \"crypt_style\" variable is not set to \"sha512\", is not in the
defaults section, or does not exist, this is a finding."
tag "fix": "Configure the operating system to store only SHA512 encrypted
desc "fix", "Configure the operating system to store only SHA512 encrypted
representations of passwords.
Add or update the following line in \"/etc/libuser.conf\" in the [defaults]