removed default state

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 14:23:05 +00:00 · 2022-04-06 16:38:24 +01:00 · 2022-04-06 16:38:24 +01:00 · 02d686f920
commit 02d686f920
parent e27e5276e4
1 changed files with 0 additions and 7 deletions
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@ -5,7 +5,6 @@
      - name: "5.5.1 | PATCH | Ensure password creation requirements are configured | Set pwquality config settings"
        lineinfile:
            path: /etc/security/pwquality.conf
-            state: present
            regexp: ^{{ item.name }}
            line: "{{ item.name }} = {{ item.value }}"
        with_items:
@ -15,7 +14,6 @@
      - name: "5.5.1 | PATCH | Ensure password creation requirements are configured | Set system-auth retry settings"
        lineinfile:
            path: /etc/pam.d/system-auth
-            state: present
            regexp: '^password\s*requisite\s*pam_pwquality.so'
            line: "password    requisite     pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3"
            insertbefore: '^#?password ?'
@ -23,7 +21,6 @@
      - name: "5.5.1 | PATCH | Ensure password creation requirements are configured | Set system-auth retry settings"
        lineinfile:
            path: /etc/pam.d/password-auth
-            state: present
            regexp: '^password\s*requisite\s*pam_pwquality.so'
            line: "password    requisite     pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3"
            insertbefore: '^#?password ?'
@ -40,7 +37,6 @@
      - name: "5.5.2 | PATCH | Ensure lockout for failed password attempts is configured | pre RHEL8.2 | Add deny count and unlock time for preauth"
        lineinfile:
            path: /etc/pam.d/{{ item }}
-            state: present
            regexp: '^auth\s*required\s*pam_faillock.so preauth'
            line: "auth        required                                     pam_faillock.so preauth silent deny={{ rhel9cis_pam_faillock.attempts }}{{ (rhel9cis_pam_faillock.fail_for_root) | ternary(' even_deny_root ',' ') }}unlock_time={{ rhel9cis_pam_faillock.unlock_time }}"
            insertafter: '^#?auth ?'
@ -51,7 +47,6 @@
      - name: "5.5.2 | PATCH | Ensure lockout for failed password attempts is configured | pre RHEL8.2 | Add deny count and unlock times for authfail"
        lineinfile:
            path: /etc/pam.d/{{ item }}
-            state: present
            regexp: '^auth\s*required\s*pam_faillock.so authfail'
            line: "auth        required                                     pam_faillock.so authfail deny={{ rhel9cis_pam_faillock.attempts }}{{ (rhel9cis_pam_faillock.fail_for_root) | ternary(' even_deny_root ',' ') }}unlock_time={{ rhel9cis_pam_faillock.unlock_time }}"
            insertafter: '^#?auth ?'
@ -65,7 +60,6 @@
 - name: "5.5.2 | PATCH | Ensure system accounts are secured | RHEL8.2+ "
  lineinfile:
      path: /etc/security/faillock.conf
-      state: present
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
  with_items:
@ -80,7 +74,6 @@
      - name: "5.5.3 | PATCH | Ensure password reuse is limited | pwhistory"
        lineinfile:
            path: /etc/pam.d/system-auth
-            state: present
            line: "password    requisite     pam_pwhistory.so try_first_pass local_users_only enforce_for_root retry=3 remember={{ rhel9cis_pam_faillock.remember }}"
            insertafter: '^password\s*requisite\s*pam_pwquality.so'