sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

5.4.1.5 improvemet

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-11 12:37:40 +00:00
parent 8cbf82bbc9
commit ae228e3f96
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tasks/section_5/cis_5.4.1.x.yml
View file

@ -139,8 +139,7 @@
changed_when: true changed_when: true
- name: "5.4.1.5 | AUDIT | Ensure inactive password lock is 30 days or less | Getting user list" - name: "5.4.1.5 | AUDIT | Ensure inactive password lock is 30 days or less | Getting user list"
ansible.builtin.shell: | ansible.builtin.shell: "awk -F: '/^[^#:]+:[^\\!\\*:]*:[^:]*:[^:]*:[^:]*:[^:]*:(\\s*|-1|3[1-9]|[4-9][0-9]|[1-9][0-9][0-9]+):[^:]*:[^:]*\\s*$/ {print $1}' /etc/shadow"
"awk -F: '/^[^#:]+:[^\\!\\*:]*:[^:]*:[^:]*:[^:]*:[^:]*:(\\s*|-1|3[1-9]|[4-9][0-9]|[1-9][0-9][0-9]+):[^:]*:[^:]*\\s*$/ {print $1}' /etc/shadow"
changed_when: false changed_when: false
check_mode: false check_mode: false
register: discovered_passwdlck_user_list register: discovered_passwdlck_user_list