improvments v2

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

templates/etc/security/pwquality.conf.d/50-pwcomplexity.conf.j2

@@ -0,0 +1,7 @@
+# CIS Configurations
+# 5.3.3.2.3 Ensure password complexity is configured
+minclass = {{ rhel9cis_passwd_minclass }}
+dcredit = {{rhel9cis_passwd_dcredit }}
+ucredit = {{ rhel9cis_passwd_ucredit }}
+ocredit = {{ rhel9cis_passwd_ocredit }}
+lcredit = {{ rhel9cis_passwd_lcredit }}

templates/etc/security/pwquality.conf.d/50-pwdictcheck.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.6 Ensure password dictionary check is enabled
+dictcheck = {{ rhel9cis_passwd_dictcheck_value }}

templates/etc/security/pwquality.conf.d/50-pwdifok.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.1 Ensure password number of changed characters is configured
+difok = {{ rhel9cis_passwd_difok_value }}

templates/etc/security/pwquality.conf.d/50-pwlength.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.2 Ensure minimum password length is configured
+minlen = {{ rhel9cis_passwd_minlen_value }}

templates/etc/security/pwquality.conf.d/50-pwmaxsequence.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.5 Ensure password maximum sequential characters is configured
+maxsequence = {{ rhel9cis_passwd_maxsequence_value }}

templates/etc/security/pwquality.conf.d/50-pwquality_enforce.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.7 Ensure password quality checking is enforced
+enforcing = {{ rhel9cis_passwd_quality_enforce_value }}

templates/etc/security/pwquality.conf.d/50-pwrepeat.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.4 Ensure password same consecutive characters is configured
+maxrepeat = {{ rhel9cis_passwd_maxrepeat_value }}

templates/etc/security/pwquality.conf.d/50-pwroot.conf.j2

@@ -0,0 +1,3 @@
+# CIS Configurations
+# 5.3.3.2.8 Ensure password quality is enforced for the root user
+{{ rhel9cis_passwd_quality_enforce_root_value }}