Merge pull request #51 from ansible-lockdown/priv_413

pre-commit and issue 413

.pre-commit-config.yaml

@@ -42,13 +42,13 @@ repos:
     name: Detect Secrets test
 
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.27.2
+  rev: v8.29.1
   hooks:
   - id: gitleaks
     name: Run Gitleaks test
 
 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v25.9.0
+  rev: v25.11.0
   hooks:
   - id: ansible-lint
     name: Ansible-lint

Changelog.md

@@ -1,5 +1,11 @@
 # Changes to rhel9CIS
 
+
+# Based on CIS v2.0.0
+pre-commit udpates
+public issue #410 thanks to @kpi-nourman
+public issue #413 thanks to @bbaassssiiee
+
 # Based on CIS v2.0.0
 Public issues incorporated
 Workflow updates

tasks/main.yml

@@ -132,7 +132,7 @@
     - rule_5.4.2.4
   block:
     - name: "Ensure root password is set"
-      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Password set|Password locked)"
+      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Alternate authentication|Password set|Password locked)"
       changed_when: false
       failed_when: prelim_root_passwd_set.rc not in [ 0, 1 ]
       register: prelim_root_passwd_set