From 0856639ab5041d3db6ad914ec3a7f1fb326661ae Mon Sep 17 00:00:00 2001
From: "root@DERVISHx"
Date: Wed, 25 Oct 2023 15:03:43 +0100
Subject: [PATCH] 5.6.1.x Test with shell.
Signed-off-by: root@DERVISHx
---
 tasks/section_5/cis_5.6.1.x.yml | 12 ++++++++++++
 vars/RedHat.yml | 1 +
 2 files changed, 13 insertions(+)
diff --git a/tasks/section_5/cis_5.6.1.x.yml b/tasks/section_5/cis_5.6.1.x.yml
index 3d59a16..fc31ba2 100644
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@@ -28,6 +28,18 @@
 - password
 - rule_5.6.1.2
+- name: "5.6.1.2 | PATCH | Set existing users"
+ ansible.builtin.shell: getent passwd | awk -F: '$3 >= {{ usr_min_uid}} { print "echo "$1";chage -m {{ min_days }} -M {{ min_days }}"$1}'
+
+ when:
+ - rhel9cis_rule_5_6_1_2
+ tags:
+ - level1-server
+ - level1-workstation
+ - patch
+ - password
+ - rule_5.6.1.2
+
 - name: "5.6.1.3 | PATCH | Ensure password expiration warning days is 7 or more"
 ansible.builtin.lineinfile:
 path: /etc/login.defs
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 01c0817..8e0db7b 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -16,3 +16,4 @@ rhel9cis_sshd:
 allowgroups: sshd wheel
 # denyusers:
 # denygroups:
+ usr_min_uid: 1000
\ No newline at end of file
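Review bot: The added `ansible.builtin.shell` task never runs `chage`: awk only prints the text `echo <user>;chage ...` and nothing passes that output to a shell, so existing accounts keep their current ageing values while the task still reports changed on every run. If the printed text were executed, `-M {{ min_days }}` would set the maximum password age to the minimum-age value, and because the closing quote sits directly before `$1` the account name is glued to the number with no space. `min_days` is not defined anywhere in this patch, so confirm the role provides it. Account names read from `getent` can come from directory-backed sources and are safer passed as module arguments than pasted into a command string; the sketch below reads the database with `ansible.builtin.getent` and sets only the minimum age through `ansible.builtin.user`.

```yaml
- name: "5.6.1.2 | PATCH | Read passwd database"
  ansible.builtin.getent:
    database: passwd
  when:
    - rhel9cis_rule_5_6_1_2

- name: "5.6.1.2 | PATCH | Set existing users"
  ansible.builtin.user:
    name: "{{ item.key }}"
    password_expire_min: "{{ min_days }}"
  loop: "{{ getent_passwd | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when:
    - rhel9cis_rule_5_6_1_2
    - (item.value[1] | int) >= (usr_min_uid | int)
  # … unchanged: tags list …
```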
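Review bot: `usr_min_uid` is added with leading indentation directly below the commented `# denygroups:` entry, so it appears to land inside the `rhel9cis_sshd` mapping rather than at top level; the exact indent is not recoverable from this view, so please verify. The new task in `cis_5.6.1.x.yml` references `{{ usr_min_uid}}` as a top-level variable, which would then be undefined at run time. Place it at column 0 as `usr_min_uid: 1000` and end the file with a newline. A short comment such as `# Lowest UID treated as a regular (non-system) account` would also record why 1000 was chosen, since the value should agree with `UID_MIN` in `/etc/login.defs` on the target.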