RHEL9-CIS/tasks/section_5/cis_5.3.1.x.yml

---

- name: "5.3.1.1 | PATCH | Ensure latest version of pam is installed"
  when:
    - rhel9cis_rule_5_3_1_1
    - ansible_facts.packages['pam'][0]['version'] is version('1.5.1-19', '<') or
      "'pam' not in ansible_facts.packages"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - pam
    - rule_5.3.1.1
  ansible.builtin.package:
    name: pam
    state: latest

- name: "5.3.1.2 | PATCH | Ensure latest version of authselect is installed"
  when:
    - rhel9cis_rule_5_3_1_2
    - rhel9cis_authselect_pkg_update
    - ansible_facts.packages['authselect'][0]['version'] is version('1.2.6-2', '<') or
      "'authselect' not in ansible_facts.packages"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - pam
    - rule_5.3.1.2
  block:
    - name: "5.3.1.2 | PATCH | Ensure latest version of authselect is installed | Patch"
      ansible.builtin.package:
        name: authselect
        state: latest
      register: discovered_authselect_updated

    - name: "5.3.1.2 | AUDIT | Ensure latest version of authselect is installed | Patch"
      when: discovered_authselect_updated.changed  # noqa no-handler
      ansible.builtin.set_fact:
        authselect_update: OK

- name: "5.3.1.3 | PATCH | Ensure libpwquality is installed"
  when:
    - rhel9cis_rule_5_3_1_3
    - ansible_facts.packages['libpwquality'][0]['version'] is version('1.4.4-8', '<') or
      "'libpwquality' not in ansible_facts.packages"
  tags:
    - level1-server
    - level1-workstation
    - patch
    - pam
    - rule_5.3.1.3
  ansible.builtin.package:
    name: libpwquality
    state: latest
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`---`

			`- name: "5.3.1.1 \| PATCH \| Ensure latest version of pam is installed"`
			`when:`
			`- rhel9cis_rule_5_3_1_1`
			`- ansible_facts.packages['pam'][0]['version'] is version('1.5.1-19', '<') or`
			`"'pam' not in ansible_facts.packages"`
			`tags:`
			`- level1-server`
			`- level1-workstation`
			`- patch`
			`- pam`
			`- rule_5.3.1.1`
			`ansible.builtin.package:`
			`name: pam`
			`state: latest`

			`- name: "5.3.1.2 \| PATCH \| Ensure latest version of authselect is installed"`
			`when:`
			`- rhel9cis_rule_5_3_1_2`
			`- rhel9cis_authselect_pkg_update`
			`- ansible_facts.packages['authselect'][0]['version'] is version('1.2.6-2', '<') or`
			`"'authselect' not in ansible_facts.packages"`
			`tags:`
			`- level1-server`
			`- level1-workstation`
			`- patch`
			`- pam`
			`- rule_5.3.1.2`
			`block:`
			`- name: "5.3.1.2 \| PATCH \| Ensure latest version of authselect is installed \| Patch"`
			`ansible.builtin.package:`
			`name: authselect`
			`state: latest`
lint and var renaming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-11-04 18:39:01 +00:00			`register: discovered_authselect_updated`
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00
			`- name: "5.3.1.2 \| AUDIT \| Ensure latest version of authselect is installed \| Patch"`
lint and var renaming Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-11-04 18:39:01 +00:00			`when: discovered_authselect_updated.changed # noqa no-handler`
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`ansible.builtin.set_fact:`
			`authselect_update: OK`

			`- name: "5.3.1.3 \| PATCH \| Ensure libpwquality is installed"`
			`when:`
			`- rhel9cis_rule_5_3_1_3`
v2 improvements Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-08-07 10:29:03 +01:00			`- ansible_facts.packages['libpwquality'][0]['version'] is version('1.4.4-8', '<') or`
section 5 v2 initial Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> 2024-07-24 14:00:45 +01:00			`"'libpwquality' not in ansible_facts.packages"`
			`tags:`
			`- level1-server`
			`- level1-workstation`
			`- patch`
			`- pam`
			`- rule_5.3.1.3`
			`ansible.builtin.package:`
			`name: libpwquality`
			`state: latest`