Merge pull request #51 from ansible-lockdown/priv_413

pre-commit and issue 413
2026-03-25 22:37:11 +00:00 · 2025-12-01 08:38:43 -05:00 · 2025-12-01 08:38:43 -05:00 · c04326b2fe
commit c04326b2fe
parent 63931388ed f80c60bb8a
3 changed files with 9 additions and 3 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -42,13 +42,13 @@ repos:
    name: Detect Secrets test

 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.27.2
+  rev: v8.29.1
  hooks:
  - id: gitleaks
    name: Run Gitleaks test

 - repo: https://github.com/ansible-community/ansible-lint
-  rev: v25.9.0
+  rev: v25.11.0
  hooks:
  - id: ansible-lint
    name: Ansible-lint
--- a/Changelog.md
+++ b/Changelog.md
@ -1,5 +1,11 @@
 # Changes to rhel9CIS

+
+# Based on CIS v2.0.0
+pre-commit udpates
+public issue #410 thanks to @kpi-nourman
+public issue #413 thanks to @bbaassssiiee
+
 # Based on CIS v2.0.0
 Public issues incorporated
 Workflow updates
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -132,7 +132,7 @@
    - rule_5.4.2.4
  block:
    - name: "Ensure root password is set"
-      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Password set|Password locked)"
+      ansible.builtin.shell: LC_ALL=C passwd -S root | grep -E "(Alternate authentication|Password set|Password locked)"
      changed_when: false
      failed_when: prelim_root_passwd_set.rc not in [ 0, 1 ]
      register: prelim_root_passwd_set