sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

use var values for pam_faillock

Browse source 
Signed-off-by: Jay Olinares <jay.olinares@gmail.com>
This commit is contained in:
Jay Olinares 2023-04-13 13:50:15 +10:00
parent 1ef886c0a9
commit fb4216be9f
No known key found for this signature in database
GPG key ID: 33B9CD05D8BF7F44
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_5/cis_5.5.x.yml
View file

@ -38,8 +38,8 @@
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
loop:
- { regexp: '^\s*deny\s*=\s*[1-5]\b', line: 'deny = 5' }
- { regexp: '^\s*unlock_time\s*=\s*(0|9[0-9][0-9]|[1-9][0-9][0-9][0-9]+)\b', line: 'unlock_time = 900' }
- { regexp: '^\s*deny\s*=\s*[1-5]\b', line: 'deny = {{ rhel9cis_pam_faillock.deny }}' }
- { regexp: '^\s*unlock_time\s*=\s*(0|9[0-9][0-9]|[1-9][0-9][0-9][0-9]+)\b', line: 'unlock_time = {{ rhel9cis_pam_faillock.unlock_time }}' }
when:
- rhel9cis_rule_5_5_2