---

# Access, Authentication, and Authorization

- name: "SECTION | 5.1 | Configure SSH Server"
  when:
    - "'openssh-server' in ansible_facts.packages"
    - rhel9cis_section5_1
  ansible.builtin.import_tasks:
    file: cis_5.1.x.yml

- name: "SECTION | 5.2 | Configure privilege escalation"
  when:
    - rhel9cis_section5_2
  ansible.builtin.import_tasks:
    file: cis_5.2.x.yml

- name: "SECTION | 5.3"
  when:
    - rhel9cis_section5_3
  block:
    - name: "SECTION | 5.3.1.x | Configure PAM software packages"
      ansible.builtin.import_tasks:
        file: cis_5.3.1.x.yml

    - name: "SECTION | 5.3.2.x | Configure authselect"
      ansible.builtin.import_tasks:
        file: cis_5.3.2.x.yml

    - name: "SECTION | 5.3.3.1.x | Configure pam_faillock module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.1.x.yml

    - name: "SECTION | 5.3.3.2.x | Configure pam_pwquality module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.2.x.yml

    - name: "SECTION | 5.3.3.3.x | Configure pam_pwhistory module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.3.x.yml

    - name: "SECTION | 5.3.3.4.x | Configure pam_unix module"
      ansible.builtin.import_tasks:
        file: cis_5.3.3.4.x.yml

- name: "SECTION | 5.4"
  when:
    - rhel9cis_section5_4
  block:
    - name: "SECTION | 5.4.1.x | Configure shadow password suite parameters"
      ansible.builtin.import_tasks:
        file: cis_5.4.1.x.yml

    - name: "SECTION | 5.4.2.x | Configure root and system accounts and environment"
      ansible.builtin.import_tasks:
        file: cis_5.4.2.x.yml

    - name: "SECTION | 5.4.3.x | Configure user default environment"
      ansible.builtin.import_tasks:
        file: cis_5.4.3.x.yml