RHEL9-CIS/tasks/section_5/main.yml

---

# Access, Authentication, and Authorization

- name: "SECTION | 5.1 | Configure SSH Server"
  when:
    - "'openssh-server' in ansible_facts.packages"
    - rhel9cis_section5_1
  ansible.builtin.import_tasks:
    file: cis_5.1.x.yml

- name: "SECTION | 5.2 | Configure privilege escalation"
  when:
    - rhel9cis_section5_2
  ansible.builtin.import_tasks:
    file: cis_5.2.x.yml

- name: "SECTION | 5.3"
  when:
    - rhel9cis_section5_3
  block:
    - name: "SECTION | 5.3.1.x | Configure PAM software packages"
      ansible.builtin.import_tasks:
        file: cis_5.3.1.x.yml

    - name: "SECTION | 5.3.2.x | Configure authselect"
      ansible.builtin.import_tasks:
        file: cis_5.3.2.x.yml

    - name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.1.x.yml

    - name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.2.x.yml

    - name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.3.x.yml

    - name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.4.x.yml

- name: "SECTION | 5.4"
  when:
    - rhel9cis_section5_4
  block:
    - name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
      ansible.builtin.import_tasks:
        file: cis_5.4.1.x.yml

    - name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
      ansible.builtin.import_tasks:
        file: cis_5.4.2.x.yml

    - name: "SECTION | 5.4.3.x | Configure user default environment"
      ansible.builtin.import_tasks:
        file: cis_5.4.3.x.yml
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00			`---`

updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-03-30 16:18:11 +01:00			`# Access, Authentication, and Authorization`

section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`- name: "SECTION \| 5.1 \| Configure SSH Server"`
			`when:`
			`- "'openssh-server' in ansible_facts.packages"`
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- rhel9cis_section5_1`
import_tasks file added Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2023-09-21 14:55:55 +01:00			`ansible.builtin.import_tasks:`
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`file: cis_5.1.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`- name: "SECTION \| 5.2 \| Configure privilege escalation"`
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`when:`
fixed typo Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2025-10-01 10:32:24 +01:00			`- rhel9cis_section5_2`
import_tasks file added Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2023-09-21 14:55:55 +01:00			`ansible.builtin.import_tasks:`
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`file: cis_5.2.x.yml`

Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3"`
			`when:`
			`- rhel9cis_section5_3`
			`block:`
			`- name: "SECTION \| 5.3.1.x \| Configure PAM software packages"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.1.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3.2.x \| Configure authselect"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.2.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3.3.1.x \| Configure pam_faillock module"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.3.1.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3.3.2.x \| Configure pam_pwquality module"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.3.2.x.yml`
Address #191 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-06-05 09:46:14 +01:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3.3.3.x \| Configure pam_pwhistory module"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.3.3.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.3.3.4.x \| Configure pam_unix module"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.3.3.4.x.yml`
Initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2022-01-07 09:06:18 +00:00
Support section 5 modularization corrected trailing whitespace Signed-off-by: polski-g <polski_g@sent.at> 2025-09-02 12:15:45 -04:00			`- name: "SECTION \| 5.4"`
			`when:`
			`- rhel9cis_section5_4`
			`block:`
			`- name: "SECTION \| 5.4.1.x \| Configure shadow password suite parameters"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.4.1.x.yml`

			`- name: "SECTION \| 5.4.2.x \| Configure root and system accounts and environment"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.4.2.x.yml`

			`- name: "SECTION \| 5.4.3.x \| Configure user default environment"`
			`ansible.builtin.import_tasks:`
			`file: cis_5.4.3.x.yml`