incorporate the rule into rhel9 stig profile

Author: vojtapolasek

controls/stig_rhel9.yml

@@ -2783,9 +2783,11 @@ controls:
             RHEL 9 must ensure the password complexity module in the system-auth file
             is configured for three retries or less.
         rules:
-            - accounts_password_pam_retry
+            - accounts_password_pam_pwquality_conf_retry
             - var_password_pam_retry=3
         status: automated
+        notes: |-
+            We check only the /etc/security/pwquality.conf, rule should be extended to check also /etc/security/pwquality.conf.d directory content.
 
     -   id: RHEL-09-611025
         levels:

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_libpwquality/accounts_password_pam_pwquality_conf_retry/rule.yml

@@ -21,6 +21,10 @@ severity: medium
 identifiers:
     cce@rhel9: CCE-86492-6
 
+references:
+    disa: CCI-004066,CCI-000192
+    srg: SRG-OS-000069-GPOS-00037
+
 ocil_clause: 'the value of "retry" is set to "0" or greater than "{{{ xccdf_value("var_password_pam_retry") }}}", or is missing'
 
 ocil: |-

tests/data/profile_stability/rhel9/stig.profile

@@ -55,7 +55,7 @@ selections:
 - accounts_password_pam_ocredit
 - accounts_password_pam_pwquality_password_auth
 - accounts_password_pam_pwquality_system_auth
-- accounts_password_pam_retry
+- accounts_password_pam_pwquality_conf_retry
 - accounts_password_pam_ucredit
 - accounts_password_pam_unix_rounds_password_auth
 - accounts_password_pam_unix_rounds_system_auth

tests/data/profile_stability/rhel9/stig_gui.profile

@@ -67,7 +67,7 @@ selections:
 - accounts_password_pam_ocredit
 - accounts_password_pam_pwquality_password_auth
 - accounts_password_pam_pwquality_system_auth
-- accounts_password_pam_retry
+- accounts_password_pam_pwquality_conf_retry
 - accounts_password_pam_ucredit
 - accounts_password_pam_unix_rounds_password_auth
 - accounts_password_pam_unix_rounds_system_auth