ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

5.6.1.x Test with shell.

Browse source 
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
This commit is contained in:
root@DERVISHx 2023-10-25 15:03:43 +01:00
parent be0a0de9d1
commit 0856639ab5
No known key found for this signature in database
GPG key ID: C68B144D8E6CCC46
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tasks/section_5/cis_5.6.1.x.yml
View file

@ -28,6 +28,18 @@
- password
- rule_5.6.1.2
- name: "5.6.1.2 | PATCH | Set existing users"
ansible.builtin.shell: getent passwd | awk -F: '$3 >= {{ usr_min_uid}} { print "echo "$1";chage -m {{ min_days }} -M {{ min_days }}"$1}'
when:
- rhel9cis_rule_5_6_1_2
tags:
- level1-server
- level1-workstation
- patch
- password
- rule_5.6.1.2
- name: "5.6.1.3 | PATCH | Ensure password expiration warning days is 7 or more"
ansible.builtin.lineinfile:
path: /etc/login.defs

1
vars/RedHat.yml
View file

@ -16,3 +16,4 @@ rhel9cis_sshd:
allowgroups: sshd wheel
# denyusers:
# denygroups:
usr_min_uid: 1000