5.6.6 test added

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-27 11:02:01 +00:00 · 2023-01-27 11:02:01 +00:00 · 98feeb1b01
commit 98feeb1b01
parent d770c69aca
1 changed files with 22 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -42,6 +42,28 @@
  tags:
      - user_passwd

+- name: "Ensure root password is set"
+  block:
+      - name: "Ensure root password is set"
+        ansible.builtin.shell: passwd -S root | grep "Password set, SHA512 crypt"
+        changed_when: false
+        register: root_passwd_set
+
+      - name: "Ensure root password is set"
+        ansible.builtin.assert:
+            that: root_passwd_set.rc == 0
+            fail_msg: "You have rule 5.6.6 enabled this requires that you have a root password set"
+            success_msg: "You have a root password set"
+  when:
+      - rhel9cis_rule_5_6_6
+  tags:
+      - level1-server
+      - level1-workstation
+      - patch
+      - accounts
+      - root
+      - rule_5.6.6
+
 - name: Setup rules if container
  block:
      - name: Discover and set container variable if required