updated authselect logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
Mark Bolwell 2024-08-08 11:08:09 +01:00
parent 9598139f4c
commit 565ef20715
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
4 changed files with 135 additions and 93 deletions


@ -112,6 +112,29 @@
fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} is locked - It can break access"
success_msg: "The local account is not locked for {{ ansible_env.SUDO_USER }} user"
- name: "PRELIM | AUDIT | Check authselect profile is selected"
when:
- rhel9cis_allow_authselect_updates
tags:
- always
block:
- name: "PRELIM | AUDIT | Check authselect profile name has been updated"
ansible.builtin.assert:
that: rhel9cis_authselect_custom_profile_name != 'cis_example_profile'
fail_msg: "You still have the default name for your authselect profile"
- name: "PRELIM | AUDIT | Check authselect profile is selected"
ansible.builtin.shell: authselect current
changed_when: false
failed_when: prelim_authselect_current_config.rc not in [ 0, 1 ]
register: prelim_authselect_current_config
- name: "PRELIM | AUDIT | Check authselect profile is selected"
ansible.builtin.assert:
that: prelim_authselect_current_config is defined
success_msg: "Authselect is running and profile is selected"
fail_msg: Authselect updates have been selected there are issues with profile selection"
- name: "Ensure root password is set"
when:
- rhel9cis_rule_5_4_2_4
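Review bot: The last assert in the new authselect block, `that: prelim_authselect_current_config is defined`, cannot fail in practice: a registered variable is defined once the preceding task has run, and that task's `failed_when` accepts rc 1 as well as 0. A host where `authselect current` exits non-zero would therefore still report "Authselect is running and profile is selected". Assert on the result instead, for example `that: prelim_authselect_current_config.rc == 0`, after confirming what rc 1 means for `authselect current`. The `fail_msg` on the same task is missing its opening double quote, so the trailing `"` becomes part of the message text; it should read `fail_msg: "Authselect updates have been selected there are issues with profile selection"`. The block and two of its tasks also share the name "PRELIM | AUDIT | Check authselect profile is selected", which makes run output hard to attribute; the "Ensure root password is set" task that follows continues outside the hunk.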