ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-25 22:53:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix: make 5.3.2.2 idempotent with 5.3.3.1.1

Browse source 
Signed-off-by: bol7742 <102948121+bol7742@users.noreply.github.com>
This commit is contained in:
bol7742 2025-12-22 11:28:49 +01:00 committed by GitHub
parent 53287f31a9
commit f15407dcb4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tasks/section_5/cis_5.3.2.x.yml
View file

@ -93,10 +93,10 @@
loop: loop:
- regexp: "auth\\s+required\\s+pam_faillock.so\\s+preauth" - regexp: "auth\\s+required\\s+pam_faillock.so\\s+preauth"
after: "auth\\s+required\\s+pam_env.so" # yamllint disable-line rule:colons after: "auth\\s+required\\s+pam_env.so" # yamllint disable-line rule:colons
line: "auth required pam_faillock.so preauth silent deny=3 unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons line: "auth required pam_faillock.so preauth silent unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons
- regexp: "auth\\s+required\\s+pam_faillock.so\\s+authfail" - regexp: "auth\\s+required\\s+pam_faillock.so\\s+authfail"
before: "auth\\s+required\\s+pam_deny.so" before: "auth\\s+required\\s+pam_deny.so"
line: "auth required pam_faillock.so authfail silent deny=3 unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons line: "auth required pam_faillock.so authfail silent unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons
- regexp: "account\\s+required\\s+pam_faillock.so" - regexp: "account\\s+required\\s+pam_faillock.so"
before: "account\\s+required\\s+pam_unix.so" before: "account\\s+required\\s+pam_unix.so"
line: "account required pam_faillock.so" # yamllint disable-line rule:colons line: "account required pam_faillock.so" # yamllint disable-line rule:colons
@ -112,10 +112,10 @@
loop: loop:
- regexp: "auth\\s+required\\s+pam_faillock.so\\s+preauth" - regexp: "auth\\s+required\\s+pam_faillock.so\\s+preauth"
after: "auth\\s+required\\s+pam_env.so" # yamllint disable-line rule:colons after: "auth\\s+required\\s+pam_env.so" # yamllint disable-line rule:colons
line: "auth required pam_faillock.so preauth silent deny=3 unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons line: "auth required pam_faillock.so preauth silent unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons
- regexp: "auth\\s+required\\s+pam_faillock.so\\s+authfail" - regexp: "auth\\s+required\\s+pam_faillock.so\\s+authfail"
before: "auth\\s+required\\s+pam_deny.so" before: "auth\\s+required\\s+pam_deny.so"
line: "auth required pam_faillock.so authfail silent deny=3 unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons line: "auth required pam_faillock.so authfail silent unlock_timeout={{ rhel9cis_pam_faillock_unlock_time }}" # yamllint disable-line rule:colons
- regexp: "account\\s+required\\s+pam_faillock.so" - regexp: "account\\s+required\\s+pam_faillock.so"
before: "account\\s+required\\s+pam_unix.so" before: "account\\s+required\\s+pam_unix.so"
line: "account required pam_faillock.so" # yamllint disable-line rule:colons line: "account required pam_faillock.so" # yamllint disable-line rule:colons