ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

5.4.1.1: shell command should run in check_mode

Browse source 
Signed-off-by: polski-g <polski_g@sent.at>
This commit is contained in:
polski-g 2025-08-28 13:15:29 -04:00
parent 39c7dfa187
commit 88507f9516
No known key found for this signature in database
GPG key ID: C077F64D3FFD4D39
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tasks/section_5/cis_5.4.1.x.yml
View file

@ -24,6 +24,7 @@
ansible.builtin.shell: "awk -F: '(/^[^:]+:[^!*]/ && ($5> {{ rhel9cis_pass_max_days }} || $5< {{ rhel9cis_pass_max_days }} || $5 == -1)){print $1}' /etc/shadow"
changed_when: false
failed_when: false
check_mode: false
register: discovered_max_days
- name: "5.4.1.1 | PATCH | Ensure password expiration is 365 days or less | Set existing users PASS_MAX_DAYS"