ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-03-25 22:37:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix logic and notes for in crypto policy building

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-06-20 11:32:31 +01:00
parent aaea8352de
commit 82cc458d7a
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
5 changed files with 19 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tasks/main.yml
View file

@ -61,7 +61,7 @@
- crypto
- NIST800-53R5_SC-6
ansible.builtin.assert:
that: rhel9cis_crypto_policy_module in rhel9cis_allowed_crypto_policies_modules
that: rhel9cis_additional_crypto_policy_module in rhel9cis_allowed_crypto_policies_modules
fail_msg: "Crypto policy module is not a permitted version"
success_msg: "Crypto policy module is a permitted version"
@ -132,9 +132,8 @@
- rule_5.4.2.4
block:
- name: "Ensure root password is set"
ansible.builtin.shell: passwd -S root | grep -E "(Password set, SHA512 crypt|Password locked)"
ansible.builtin.shell: passwd -S root | egrep -e "(Password set, SHA512 crypt|Password locked)"
changed_when: false
failed_when: prelim_root_passwd_set.rc not in [ 0, 1 ]
register: prelim_root_passwd_set
- name: "Ensure root password is set"