Adding solution for users with passwords.

Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
root@DERVISHx 2023-11-10 15:03:04 +00:00
parent 9fa57a2b41
commit 73dc65db12
No known key found for this signature in database
GPG key ID: C68B144D8E6CCC46


@ -15,10 +15,25 @@
- rule_5.5.1.1 - rule_5.5.1.1
- name: "5.6.1.2 | PATCH | Ensure minimum days between password changes is 7 or more" - name: "5.6.1.2 | PATCH | Ensure minimum days between password changes is 7 or more"
ansible.builtin.lineinfile: block:
path: /etc/login.defs - name: "5.6.1.2 | PATCH | Set default."
regexp: '^PASS_MIN_DAYS' ansible.builtin.lineinfile:
line: "PASS_MIN_DAYS {{ rhel9cis_pass['min_days'] }}" path: /etc/login.defs
regexp: '^PASS_MIN_DAYS'
line: "PASS_MIN_DAYS {{ rhel9cis_pass['min_days'] }}"
- name: "5.6.1.2 | AUDIT | Get existing users"
ansible.builtin.getent:
database: shadow
- name: "5.6.1.2 | PATCH | Set existing users"
ansible.builtin.user:
name: "{{ item }}"
password_expire_min: "{{ rhel9cis_pass['min_days'] }}"
loop: "{{ getent_shadow | dict2items | map(attribute='key') | list }}"
when: ( getent_shadow[item].0 != "!!" ) and
( getent_shadow[item].0 != "!*" ) and
( getent_shadow[item].0 != "*" )
when: when:
- rhel9cis_rule_5_6_1_2 - rhel9cis_rule_5_6_1_2
tags: tags: