From 52452b1e3c71d6fbb427edbc477234174420df16 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Fri, 28 Nov 2025 14:51:43 +0000
Subject: [PATCH] issues 413 addressed thansk to @bbaassssiiee

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 Changelog.md   | 4 +++-
 tasks/main.yml | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Changelog.md b/Changelog.md
index 737f860..ac9c3b6 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,5 @@
 # Changes to rhel9CIS
 
-
 ## 2.0.4 - Based on CIS v2.0.0
 
 - addressed issue #393 thank you to @fragglexarmy
@@ -11,6 +10,9 @@
 - work flow updates
 - audit logic improvements
 - auditd template 2.19 compatible
+- pre-commit updates
+- #410 thanks to @kpi-nourman
+- #413 thanks to @bbaassssiiee
 
 ## 2.0.3 - Based on CIS v2.0.0
 - addressed issue #387, thank you @fragglexarmy
diff --git a/tasks/main.yml b/tasks/main.yml
index 760ee1b..6f97141 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -134,7 +134,7 @@
     - rule_5.4.2.4
   block:
     - name: "Ensure root password is set"
-      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Password set|Password locked)"
+      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(\*LOCK\*|Password set|Password locked)"
       changed_when: false
       failed_when: prelim_root_passwd_set.rc not in [ 0, 1 ]
       register: prelim_root_passwd_set