improved tests based upon #190 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-06-05 08:01:17 +01:00 · 2024-06-05 08:01:17 +01:00 · bd7c4e3da2
commit bd7c4e3da2
parent b279a9fb80
2 changed files with 9 additions and 4 deletions
--- a/tasks/section_5/cis_5.6.1.x.yml
+++ b/tasks/section_5/cis_5.6.1.x.yml
@ -116,6 +116,7 @@
      - name: "5.6.1.4 | PATCH | Ensure inactive password lock is 30 days or less | Apply Inactive setting to existing accounts"
        ansible.builtin.shell: chage --inactive {{ rhel9cis_inactivelock.lock_days }} "{{ item }}"
        loop: "{{ rhel9cis_5_6_1_4_user_list.stdout_lines }}"
+        when: item in discovered_interactive_usernames.stdout
  when:
      - rhel9cis_rule_5_6_1_4
  tags:
--- a/tasks/section_5/cis_5.6.x.yml
+++ b/tasks/section_5/cis_5.6.x.yml
@ -14,8 +14,10 @@
            - item.id != "halt"
            - item.id != "nfsnobody"
            - item.uid < min_int_uid | int
-            - item.shell != "      /bin/false"
-            - item.shell != "      /usr/sbin/nologin"
+            - item.shell != "/bin/false"
+            - item.shell != "/usr/sbin/nologin"
+            - item.shell != "/sbin/nologin"
+            - item.shell != "/dev/null"
        loop_control:
            label: "{{ item.id }}"

@ -31,8 +33,10 @@
            - item.id != "root"
            - item.id != "nfsnobody"
            - item.uid < min_int_uid | int
-            - item.shell != "      /bin/false"
-            - item.shell != "      /usr/sbin/nologin"
+            - item.shell != "/bin/false"
+            - item.shell != "/usr/sbin/nologin"
+            - item.shell != "/sbin/nologin"
+            - item.shell != "/dev/null"
        loop_control:
            label: "{{ item.id }}"
  when: