From bd7c4e3da2c8a7c28450596e1abda85fef893ab0 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 5 Jun 2024 08:01:17 +0100
Subject: [PATCH] improved tests based upon #190 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell
---
 tasks/section_5/cis_5.6.1.x.yml | 1 +
 tasks/section_5/cis_5.6.x.yml | 12 ++++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/tasks/section_5/cis_5.6.1.x.yml b/tasks/section_5/cis_5.6.1.x.yml
index 6ad3dc0..7abe1d1 100644
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@@ -116,6 +116,7 @@
 - name: "5.6.1.4 | PATCH | Ensure inactive password lock is 30 days or less | Apply Inactive setting to existing accounts"
 ansible.builtin.shell: chage --inactive {{ rhel9cis_inactivelock.lock_days }} "{{ item }}"
 loop: "{{ rhel9cis_5_6_1_4_user_list.stdout_lines }}"
+ when: item in discovered_interactive_usernames.stdout
 when:
 - rhel9cis_rule_5_6_1_4
 tags:
diff --git a/tasks/section_5/cis_5.6.x.yml b/tasks/section_5/cis_5.6.x.yml
index 8fba898..5271388 100644
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@@ -14,8 +14,10 @@
 - item.id != "halt"
 - item.id != "nfsnobody"
 - item.uid < min_int_uid | int
- item.shell != " /bin/false"
- item.shell != " /usr/sbin/nologin"
+ item.shell != "/bin/false"
+ item.shell != "/usr/sbin/nologin"
+ item.shell != "/sbin/nologin"
+ item.shell != "/dev/null"
 loop_control:
 label: "{{ item.id }}"
@@ -31,8 +33,10 @@
 - item.id != "root"
 - item.id != "nfsnobody"
 - item.uid < min_int_uid | int
- item.shell != " /bin/false"
- item.shell != " /usr/sbin/nologin"
+ item.shell != "/bin/false"
+ item.shell != "/usr/sbin/nologin"
+ item.shell != "/sbin/nologin"
+ item.shell != "/dev/null"
 loop_control:
 label: "{{ item.id }}"
 when:
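Review bot: The added `when: item in discovered_interactive_usernames.stdout` lands on the same task as the existing `when:` two lines below it, so the task mapping now carries two `when` keys; Ansible's YAML loader warns on the duplicate and keeps only the last definition, which means the new interactive-user filter is silently discarded and `chage --inactive` still runs for every name in `rhel9cis_5_6_1_4_user_list`. Separately, `.stdout` is a single string, so `in` is a substring test and a name such as `bob` would match a line containing `bobby`. Fold the condition into the existing list and test the line list instead: `when:` / `- rhel9cis_rule_5_6_1_4` / `- item in discovered_interactive_usernames.stdout_lines`. Since the looped username is interpolated into a command line here, `ansible.builtin.command` would do the same job without a shell parse. The task's `tags:` list continues past the end of the hunk.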
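Review bot: The four `item.shell !=` comparisons on the new side are an exact-string allowlist and still miss other spellings of the same shells that can appear in `/etc/passwd` alongside the `/usr/sbin` form, such as `/usr/bin/false` or `/bin/nologin`, so an account using one of those would be treated as interactive by this task. Comparing the basename covers all of them in one condition: `- (item.shell | basename) not in ['false', 'nologin']` together with the separate `- item.shell != "/dev/null"`. The commit fixes the leading space in the old `" /bin/false"` and `" /usr/sbin/nologin"` strings, which is why those two comparisons never matched before; a one-line comment above the list, `# non-login shells: accounts with these are not interactive and are skipped`, would make the intent explicit and harder to regress. The task that owns this `when` list, including its loop over the passwd entries, begins before the hunk.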
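Review bot: The second task repeats the same six-condition shell allowlist as the hunk above verbatim, and the commit had to patch the identical `" /bin/false"` typo in both places, which is exactly the hazard the duplication creates: the next shell added to one list will be forgotten in the other. Lift the excluded shells into a single list variable (a `vars:` entry on the play or a role default) and reduce both tasks to one `not in` membership test against it, so the two tasks cannot drift apart. The enclosing task starts before this hunk and its `when:` list continues past the hunk's last line.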