sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

added system account enhancement 5.4.2.7 thanks to @Thulium-Drake

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-11-11 17:35:12 +00:00
parent 44b712fdf9
commit f02a9d442f
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
defaults/main.yml
View file

@ -992,6 +992,11 @@ rhel9cis_futurepwchgdate_autofix: true
# 5.4.2.x # 5.4.2.x
rhel9cis_root_umask: '0027' # 0027 or more restrictive rhel9cis_root_umask: '0027' # 0027 or more restrictive
## Control 5.4.2.7 - Ensure system accounts are secured | Set nologin
# The system users on this list are allowed to have a shell (e.g. applications
# that require a shell to function)
rhel9cis_system_users_shell: []
## Control 5.4.3.2 - Configuring user shell timeout ## Control 5.4.3.2 - Configuring user shell timeout
# This dictionary is related to ensuring the rule about user shell timeout # This dictionary is related to ensuring the rule about user shell timeout
# This variable represents the amount of seconds a command or process is allowed to # This variable represents the amount of seconds a command or process is allowed to

1
tasks/section_5/cis_5.4.2.x.yml
View file

@ -199,6 +199,7 @@
when: when:
- rhel9cis_rule_5_4_2_7 - rhel9cis_rule_5_4_2_7
- "item.id not in prelim_interactive_usernames.stdout" - "item.id not in prelim_interactive_usernames.stdout"
- item.id not in rhel9cis_system_users_shell
- "'root' not in item.id" - "'root' not in item.id"
- rhel9cis_disruption_high - rhel9cis_disruption_high
tags: tags: