sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

pam vars

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-04 19:31:02 +01:00
parent 223254b5c9
commit 3d5fd41ed8
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

14
defaults/main.yml
View file

@ -583,6 +583,7 @@ rhel9cis_authselect_custom_profile_create: false
# 5.3.2 Enable automation to select custom profile options, using the settings above # 5.3.2 Enable automation to select custom profile options, using the settings above
rhel9cis_authselect_custom_profile_select: false rhel9cis_authselect_custom_profile_select: false
rhel9cis_pass: rhel9cis_pass:
max_days: 365 max_days: 365
min_days: 7 min_days: 7
@ -591,14 +592,17 @@ rhel9cis_pass:
rhel9cis_syslog: rsyslog rhel9cis_syslog: rsyslog
rhel9cis_rsyslog_ansiblemanaged: true rhel9cis_rsyslog_ansiblemanaged: true
# 5.5.1
## PAM ## PAM
rhel9cis_pam_password: rhel9cis_pam_password: |
minlen: "14" minlen = 14
minclass: "4" minclass = 4
rhel9cis_pam_faillock:
remember: 5
# UID settings for interactive users # UID settings for interactive users
# These are discovered via logins.def is set true # These are discovered via logins.def if set true
discover_int_uid: false discover_int_uid: false
min_int_uid: 1000 min_int_uid: 1000
max_int_uid: 65533 max_int_uid: 65533