Adding solution for users with passwords.

Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
root@DERVISHx 2023-11-10 14:59:55 +00:00
parent 9fa57a2b41
commit e54ddf59fa
No known key found for this signature in database
GPG key ID: C68B144D8E6CCC46


@ -1,10 +1,25 @@
---
- name: "5.6.1.1 | PATCH | Ensure password expiration is 365 days or less"
block:
- name: "5.6.1.1 | PATCH | Set default."
ansible.builtin.lineinfile:
path: /etc/login.defs
regexp: '^PASS_MAX_DAYS'
line: "PASS_MAX_DAYS {{ rhel9cis_pass['max_days'] }}"
- name: "5.6.1.1 | AUDIT | Get existing users"
ansible.builtin.getent:
database: shadow
- name: "5.6.1.1 | PATCH | Set existing users"
ansible.builtin.user:
name: "{{ item }}"
password_expire_max: "{{ rhel9cis_pass['max_days'] }}"
loop: "{{ getent_shadow | dict2items | map(attribute='key') | list }}"
when: ( getent_shadow[item].0 != "!!" ) and
( getent_shadow[item].0 != "!*" ) and
( getent_shadow[item].0 != "*" )
when:
- rhel9cis_rule_5_6_1_1
tags: